-- exit; /* * Initial Developer's Public License. * The contents of this file are subject to the Initial Developer's Public * License Version 1.0 (the "License"). You may not use this file except * in compliance with the License. You may obtain a copy of the License at * http://www.ibphoenix.com?a=ibphoenix&page=ibp_idpl * Software distributed under the License is distributed on an "AS IS" basis, * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License * for the specific language governing rights and limitations under the * License. * * The Original Code is copyright 2004-2020 Paul Reeves. * * The Initial Developer of the Original Code is Paul Reeves * * All Rights Reserved. * */ set list on; set echo off; -- These files should be deleted by the calling batch file -- however if this script is run standalone then uncomment these lines. --shell del autogrant.ddl; --shell del grants_isql.txt; output autogrant.ddl; select distinct ' EXECUTE ON PROCEDURE ' || RDB$PROCEDURE_NAME || ' to SYSDBA;' as "GRANT" from RDB$PROCEDURES where RDB$PROCEDURE_NAME not starting with 'RDB$' and RDB$SYSTEM_FLAG = 0; select distinct ' EXECUTE ON FUNCTION ' || RDB$FUNCTION_NAME || ' to SYSDBA;' as "GRANT" from RDB$FUNCTIONS where RDB$FUNCTION_NAME not starting with 'RDB$' and RDB$SYSTEM_FLAG = 0; select ' ALL ON ' || RDB$RELATION_NAME || ' to SYSDBA;' as "GRANT" from RDB$RELATIONS where RDB$RELATION_NAME not starting with 'RDB$' and RDB$RELATION_NAME not starting with 'MON$' and RDB$RELATION_NAME not starting with 'SEC$' ; select distinct ' ALL ON ' || RDB$VIEW_NAME || ' to SYSDBA;' as "GRANT" from RDB$VIEW_RELATIONS where RDB$VIEW_NAME not starting with 'RDB$'; select distinct ' EXECUTE ON PROCEDURE ' || RDB$PROCEDURE_NAME || ' to FWFRAMEWORK_OWNER;' as "GRANT" from RDB$PROCEDURES where RDB$PROCEDURE_NAME not starting with 'RDB$' and RDB$SYSTEM_FLAG = 0; select distinct ' EXECUTE ON FUNCTION ' || RDB$FUNCTION_NAME || ' to FWFRAMEWORK_OWNER;' as "GRANT" from RDB$FUNCTIONS where RDB$FUNCTION_NAME not starting with 'RDB$' and RDB$SYSTEM_FLAG = 0; select ' ALL ON ' || RDB$RELATION_NAME || ' to FWFRAMEWORK_OWNER;' as "GRANT" from RDB$RELATIONS where RDB$RELATION_NAME not starting with 'RDB$' and RDB$RELATION_NAME not starting with 'MON$' and RDB$RELATION_NAME not starting with 'SEC$' ; select distinct ' ALL ON ' || RDB$VIEW_NAME || ' to FWFRAMEWORK_OWNER;' as "GRANT" from RDB$VIEW_RELATIONS where RDB$VIEW_NAME not starting with 'RDB$'; -- FIX ME - we need to grant admin to framework_owner, check that the full list is generated and then look -- at revoking the output, or hard-coding the grant list select ' usage on generator ' || trim(r.RDB$GENERATOR_NAME) || ' to ' || trim(s.SEC$USER_NAME) || ';' as "GRANT" from RDB$GENERATORS r cross join SEC$USERS s where r.RDB$SYSTEM_FLAG <>1; /* -- Uncomment this section to grant all to public. Or use this as a -- template to grant to specific users. select ' ALL ON ' || RDB$RELATION_NAME || ' to public;' as "GRANT" from RDB$RELATIONS where RDB$RELATION_NAME not starting with 'RDB$' and RDB$RELATION_NAME not starting with 'MON$' and RDB$RELATION_NAME not starting with 'SEC$' ; select distinct ' ALL ON ' || RDB$VIEW_NAME || ' to public;' as "GRANT" from RDB$VIEW_RELATIONS where RDB$VIEW_NAME not starting with 'RDB$'; -- This is too broad! --select distinct ' EXECUTE ON PROCEDURE ' || RDB$PROCEDURE_NAME || ' to public;' as "GRANT" --from RDB$PROCEDURES --where RDB$PROCEDURE_NAME not starting with 'RDB$' and RDB$SYSTEM_FLAG = 0; */ output grants_isql.txt; set echo on; input autogrant.ddl; commit;