firebird/firebird-mirror
firebird/firebird-mirror
8
0
Fork 1
mirror of https://github.com/FirebirdSQL/firebird.git synced 2025-01-22 18:03:03 +01:00
Code Issues

misc

Browse Source
This commit is contained in:
alexpeshkoff 2014-04-08 10:46:33 +00:00
parent e38805e4c2
commit 6799288d01
1 changed files with 64 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

114
doc/sql.extensions/README.mapping.html
View File

@ -7,7 +7,9 @@
<META NAME="AUTHOR" CONTENT="irina ">
<META NAME="CREATED" CONTENT="20140325;10305100">
<META NAME="CHANGEDBY" CONTENT="Alex Peshkoff">
<META NAME="CHANGED" CONTENT="20140404;19502000">
<META NAME="CHANGED" CONTENT="20140408;14452800">
<META NAME="CHANGEDBY" CONTENT="Alex Peshkoff">
<META NAME="CHANGEDBY" CONTENT="Alex Peshkoff">
<STYLE TYPE="text/css">
<!--
@page { margin: 0.79in }
@ -19,24 +21,24 @@
<BODY LANG="ru-RU" DIR="LTR">
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>SQL Language
Extension: CREATE/ALTER/CREATE_OR_ALTER/DROP MAPPING</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"> <FONT SIZE=4>Implements
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>Implements
capability to control mapping of security objects to and between
databases.</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>Author:</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"> <FONT SIZE=4>Alex
Peshkoff &lt;<A HREF="mailto:peshkoff@mail.ru">peshkoff@mail.ru</A>&gt;</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><FONT SIZE=4><SPAN LANG="en-US">Alex
Peshkoff &lt;<A HREF="mailto:peshkoff@mail.ru">peshkoff@mail.ru</A>&gt;</SPAN></FONT></P>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>Preamble:</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>Firebird 3
supports multiple security databases. This is great feature, but it
@ -54,7 +56,7 @@ authentication &ndash; we had 2 separate lists of users (in security
database and OS) and sometimes it was needed to make them be related.
For example it appears to be good idea to automatically assign to
windows users from some group appropriate firebird role.</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>Single
solution for all this problems is MAPPING login information, assigned
@ -86,7 +88,7 @@ in firebird 3. What about mapping windows users to current_user
authentication enabled) in firebird 3 it must be done explicitly.
This is required for systems with multiple security databases - not
all of them need/use windows trusted authentication.</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>'From' part
of mapping has 4 items:</FONT></P>
@ -106,7 +108,7 @@ of mapping has 4 items:</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>Each item may
be ignored (any item is accepted) except type &ndash; it's definitely
bad idea to mix different types of security objects.</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>'To' part has
2 items:</FONT></P>
@ -116,37 +118,49 @@ bad idea to mix different types of security objects.</FONT></P>
<LI><P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>type of
that name (only USER/ROLE are accepted here).</FONT></P>
</UL>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>Mappings are
defined using SQL (DDL) commands.</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>Syntax:</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-left: 0.46in; margin-bottom: 0in; page-break-before: auto">
<FONT SIZE=4>{CREATE | ALTER | CREATE OR ALTER} [GLOBAL] MAPPING name
USING {PLUGIN name [IN database] | ANY PLUGIN [IN database |
SERVERWIDE] | MAPPING [IN database] | '*' [IN database]} FROM {ANY
type | type name} TO {USER | ROLE} [name]</FONT></P>
<P LANG="en-US" STYLE="margin-left: 0.46in; margin-bottom: 0in"><BR>
<P LANG="en-US" STYLE="margin-left: 0.46in; margin-bottom: 0in; page-break-before: auto; page-break-after: auto">
<FONT SIZE=4>{CREATE | ALTER | CREATE OR ALTER} [GLOBAL] MAPPING name</FONT></P>
<P LANG="en-US" STYLE="margin-left: 0.86in; margin-bottom: 0in; page-break-before: auto; page-break-after: auto">
<FONT SIZE=4>USING {PLUGIN name [IN database] | </FONT>
</P>
<P LANG="en-US" STYLE="margin-left: 1.6in; margin-bottom: 0in; page-break-before: auto; page-break-after: auto">
<FONT SIZE=4>ANY PLUGIN [IN database | SERVERWIDE] | </FONT>
</P>
<P LANG="en-US" STYLE="margin-left: 1.6in; margin-bottom: 0in"><FONT SIZE=4>MAPPING
[IN database] | </FONT>
</P>
<P LANG="en-US" STYLE="margin-left: 1.6in; margin-bottom: 0in"><FONT SIZE=4>'*'
[IN database]}</FONT></P>
<P LANG="en-US" STYLE="margin-left: 0.88in; margin-bottom: 0in; page-break-before: auto; page-break-after: auto">
<FONT SIZE=4>FROM {ANY type | type name}</FONT></P>
<P LANG="en-US" STYLE="margin-left: 0.88in; margin-bottom: 0in"><FONT SIZE=4>TO
{USER | ROLE} [name]</FONT></P>
<P STYLE="margin-left: 0.46in; margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-left: 0.46in; margin-bottom: 0in"><FONT SIZE=4>DROP
[GLOBAL] MAPPING</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
[GLOBAL] MAPPING name</FONT></P>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>Description:</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>Each mapping
may be tagged as GLOBAL. Pay attention that global and local maps
with same name may exist and they are different objects!</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>Create, alter
and create or alter commands use same set of options. Name of mapping
@ -160,41 +174,41 @@ results, or let it use any method using asterisk. In almost all cases
databases) one can also provide name of database in which name from
which mapping is performed was &ldquo;born&rdquo;. FROM clause must
set required parameter &ndash; type of name from which mapping is
done. When mapping names from plugins type is defined by plugin,
when previous mapping results - type can be only user or role. One
can provide explicit name which will be taken into an account by this
done. When mapping names from plugins type is defined by plugin, when
previous mapping results - type can be only user or role. One can
provide explicit name which will be taken into an account by this
mapping or use ANY keyword to work with any name of given type. In TO
clause USER or ROLE (to what mapping is done) must be specified, name
is optional - when it is not provided original name (from what
mapping is done) is used.</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>Samples:</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>All sample
are provided for CREATE command, use of ALTER is exactly the same,
use of DROP is obvious.</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>Enable use of
windows trusted authentication in all databases, using current
windows trusted authentication in all databases that use current
security database:</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>CREATE GLOBAL
MAPPING TRUSTED_AUTH USING PLUGIN WIN_SSPI FROM ANY USER TO USER;</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>Enable
SYSDBA-like access for windows admins:</FONT></P>
SYSDBA-like access for windows admins in current database:</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>CREATE
MAPPING WIN_ADMINS USING PLUGIN WIN_SSPI FROM Predefined_Group
DOMAIN_ANY_RID_ADMINS TO ROLE RDB$ADMIN;</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>(there is no
group DOMAIN_ANY_RID_ADMINS in windows, but such name is added by
win_sspi plugin to provide exact backwards compatibility)</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>Enable
particular user from other database access current database with
@ -203,17 +217,17 @@ other name:</FONT></P>
MAPPING FROM_RT USING PLUGIN SRP IN &quot;rt&quot; FROM USER U1 TO
USER U2;</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>(providing
database names/aliases in double quotes is important for file name
case-sensitive operating systems)</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
database names/aliases in double quotes is important for operating
systems that have case-sensitive file names)</FONT></P>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>Enable
server's SYDBA (from main security database) access current database
assuming I has non-default security database:</FONT></P>
server's SYSDBA (from main security database) access current database
(assuming it has non-default security database):</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>CREATE
MAPPING DEF_SYSDBA USING PLUGIN SRP IN &quot;security.db&quot; FROM
USER SYSDBA TO USER;</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>Force people
who logged in using legacy authentication plugin have not too much
@ -221,20 +235,20 @@ rights:</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>CREATE
MAPPING LEGACY_2_GUEST USING PLUGIN legacy_auth FROM ANY USER TO USER
GUEST;</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>Notice:</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><FONT SIZE=4>Global
mapping works best if firebird 3 or higher version database is used
as security database. If you plan to use other database as security
one (using for example your own provider) please create in it table
RDB$MAP with structure repeating one in firebird 3 database and
RDB$MAP with structure repeating one in firebird 3 database and
SYSDBA-only write access.</FONT></P>
<P LANG="en-US" STYLE="margin-bottom: 0in"><BR>
<P STYLE="margin-bottom: 0in"><BR>
</P>
</BODY>
</HTML>