diff --git a/doc/sql.extensions/README.user_management b/doc/sql.extensions/README.user_management index db03d8aa0f..a64acbb828 100644 --- a/doc/sql.extensions/README.user_management +++ b/doc/sql.extensions/README.user_management @@ -13,7 +13,7 @@ Syntax is: ALTER USER name SET [PASSWORD 'password'] [ options ] [ TAGS ( tag [, tag [, tag ...]] ) ] ALTER CURRENT USER SET [PASSWORD 'password'] [ options ] [ TAGS ( tag [, tag [, tag ...]] ) ] CREATE OR ALTER USER name SET [PASSWORD 'password'] [ options ] [ TAGS ( tag [, tag [, tag ...]] ) ] - DROP USER name; + DROP USER name [USING PLUGIN name]; where OPTIONS is a (probably empty) list of following options: - FIRSTNAME 'firstname' @@ -21,6 +21,7 @@ where OPTIONS is a (probably empty) list of following options: - LASTNAME 'lastname' - ACTIVE - INACTIVE +- USING PLUGIN name and each TAG may have one of two forms: name = 'string value' @@ -34,7 +35,7 @@ Description: Makes it possible to add, modify and delete users in security database using SQL language. Firebird since version 3.0 supports multiple security databases. gsec utility and services API -do not support it and use of them to manage users is deprecated. +do not support it and use of them to manage users is deprecated. CREATE and DROP clauses are available only for SYSDBA (or other user, granted RDB$ADMIN role in security database). Ordinary user can ALTER his own password, wide names and tags. Attempt to modify 
@@ -46,7 +47,10 @@ in ALTER USER statement. Also notice that PASSWORD clause is required when creat PASSWORD clause is enough self-descripting. Clauses FIRSTNAME, MIDDLENAME and LASTNAME too, but may be also used to store any short information about user. Clauses INACTIVE/ACTIVE are used to disable -user's login to server not dropping it from the list and restoring that ability. +user's login to server not dropping it from the list and restoring that ability. USING PLUGIN clause +makes it possible to work with users not only with default management plugin (first listed in +UserManager parameter in firebird.conf) but also with others. gsec utility and services API do not +support multiple user management plugins - default one is always used. TAGS is a list of end-user defined attributes. Length of the value should not exceed 255 bytes. Assigning name some value sets new or modifies existing tag. To remove the tag use DROP option. @@ -56,14 +60,14 @@ Notice - UID/GID, entered by deprecated gsec, are treated as tags in SQL interfa To access list of users please select from virtual tables SEC$USERS and SEC$USER_ATTRIBUTES. -Samples: +Samples (suppose UserManager=Srp,Legacy_UserManager in firebird.conf): Generic: CREATE USER alex PASSWORD 'test'; ALTER USER alex SET FIRSTNAME 'Alex' LASTNAME 'Peshkoff'; CREATE OR ALTER USER alex SET PASSWORD 'IdQfA'; DROP USER alex; - ALTER CURRENT USER SET PASSWORD 'SomethingLongEnough'; + ALTER CURRENT USER SET PASSWORD 'SomethingLongEnough' USING PLUGIN srp; Working with tags: ALTER USER alex SET TAGS (a='a', b='b'); 
@@ -88,16 +92,17 @@ Samples: Displaying users' list: SELECT CAST(U.SEC$USER_NAME AS CHAR(20)) LOGIN, CAST(A.SEC$KEY AS CHAR(10)) TAG, - CAST(A.SEC$VALUE AS CHAR(20)) "VALUE" + CAST(A.SEC$VALUE AS CHAR(20)) "VALUE", + SEC$PLUGIN "PLUGIN" FROM SEC$USERS U LEFT JOIN SEC$USER_ATTRIBUTES A ON U.SEC$USER_NAME = A.SEC$USER_NAME; - LOGIN TAG VALUE - ==================== ========== ==================== - SYSDBA - ALEX B x - ALEX C sample - + LOGIN TAG VALUE PLUGIN + ==================== ========== ==================== =============================== + SYSDBA Srp + ALEX B x Srp + ALEX C sample Srp + SYSDBA Legacy_UserManager Notice! This feature highly depends upon user management plugin. Take into an account that some options
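Review bot: In the syntax hunk (@@ -13,7 +13,7), `DROP USER name [USING PLUGIN name];` uses the placeholder `name` for both the user and the plugin, which reads as if the two identifiers were the same thing. Suggest a distinct placeholder such as `DROP USER name [USING PLUGIN plugin_name]`, and the same for the `- USING PLUGIN name` line added to the options list in the following hunk. The DROP line is also the only one in that syntax block ending in `;`, which could be aligned while the line is being touched.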
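Review bot: In hunk @@ -34,7 +35,7 the removed and added copies of `do not support it and use of them to manage users is deprecated.` read identically, so this appears to be a whitespace-only change. If it is not intentional, drop it from the patch so the diff stays limited to the USING PLUGIN documentation; if it is, make sure it removes trailing whitespace rather than adding it.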
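Review bot: The description added in hunk @@ -46,7 +47,10 does not say what a statement without USING PLUGIN does to a user that exists under the same name in a non-default plugin. The sample listing later in the patch shows SYSDBA under both Srp and Legacy_UserManager, so a reader can reasonably ask whether `DROP USER alex;` or `ALTER USER alex INACTIVE` leaves a same-named account in the other plugin untouched. Suggest one explicit sentence stating that, when the clause is omitted, only the default plugin (first in UserManager) is affected, and that each plugin's copy of the user has to be managed separately, since this matters when revoking access.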
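Review bot: In the samples hunk (@@ -56,14 +60,14), the only use of the new clause is `ALTER CURRENT USER SET PASSWORD 'SomethingLongEnough' USING PLUGIN srp;`, where the plugin is written `srp` while the header just above says `UserManager=Srp,Legacy_UserManager`. Either match the spelling or state whether the plugin name is case-insensitive. A sample that targets the non-default plugin, and one for `DROP USER ... USING PLUGIN`, would cover the syntax the patch actually adds; as written the sample names the plugin that is already the default.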
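Review bot: In the query hunk (@@ -88,16 +92,17), the added `SEC$PLUGIN "PLUGIN"` is the only select-list column without a table alias, while the others use `U.` or `A.`. Qualify it so the reader knows which table supplies it and so the statement is not ambiguous if both tables expose a column of that name. The join is still `ON U.SEC$USER_NAME = A.SEC$USER_NAME` only; with the same user name present in two plugins, as the new output shows for SYSDBA, attributes could be matched to the wrong plugin's row, so if SEC$USER_ATTRIBUTES also carries the plugin it should be part of the join condition.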