106 lines
3.5 KiB
SQL
106 lines
3.5 KiB
SQL
-- exit;
|
|
|
|
/*
|
|
* Initial Developer's Public License.
|
|
* The contents of this file are subject to the Initial Developer's Public
|
|
* License Version 1.0 (the "License"). You may not use this file except
|
|
* in compliance with the License. You may obtain a copy of the License at
|
|
* http://www.ibphoenix.com?a=ibphoenix&page=ibp_idpl
|
|
* Software distributed under the License is distributed on an "AS IS" basis,
|
|
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
* for the specific language governing rights and limitations under the
|
|
* License.
|
|
*
|
|
* The Original Code is copyright 2004-2020 Paul Reeves.
|
|
*
|
|
* The Initial Developer of the Original Code is Paul Reeves
|
|
*
|
|
* All Rights Reserved.
|
|
*
|
|
*/
|
|
|
|
|
|
|
|
set list on;
|
|
set echo off;
|
|
-- These files should be deleted by the calling batch file
|
|
-- however if this script is run standalone then uncomment these lines.
|
|
--shell del autogrant.ddl;
|
|
--shell del grants_isql.txt;
|
|
output autogrant.ddl;
|
|
|
|
select distinct ' EXECUTE ON PROCEDURE ' || RDB$PROCEDURE_NAME || ' to SYSDBA;' as "GRANT"
|
|
from RDB$PROCEDURES
|
|
where RDB$PROCEDURE_NAME not starting with 'RDB$' and RDB$SYSTEM_FLAG = 0;
|
|
|
|
select distinct ' EXECUTE ON FUNCTION ' || RDB$FUNCTION_NAME || ' to SYSDBA;' as "GRANT"
|
|
from RDB$FUNCTIONS
|
|
where RDB$FUNCTION_NAME not starting with 'RDB$' and RDB$SYSTEM_FLAG = 0;
|
|
|
|
select ' ALL ON ' || RDB$RELATION_NAME || ' to SYSDBA;' as "GRANT"
|
|
from RDB$RELATIONS
|
|
where RDB$RELATION_NAME not starting with 'RDB$'
|
|
and RDB$RELATION_NAME not starting with 'MON$'
|
|
and RDB$RELATION_NAME not starting with 'SEC$' ;
|
|
|
|
|
|
select distinct ' ALL ON ' || RDB$VIEW_NAME || ' to SYSDBA;' as "GRANT"
|
|
from RDB$VIEW_RELATIONS
|
|
where RDB$VIEW_NAME not starting with 'RDB$';
|
|
|
|
|
|
select distinct ' EXECUTE ON PROCEDURE ' || RDB$PROCEDURE_NAME || ' to FWFRAMEWORK_OWNER;' as "GRANT"
|
|
from RDB$PROCEDURES
|
|
where RDB$PROCEDURE_NAME not starting with 'RDB$' and RDB$SYSTEM_FLAG = 0;
|
|
|
|
select distinct ' EXECUTE ON FUNCTION ' || RDB$FUNCTION_NAME || ' to FWFRAMEWORK_OWNER;' as "GRANT"
|
|
from RDB$FUNCTIONS
|
|
where RDB$FUNCTION_NAME not starting with 'RDB$' and RDB$SYSTEM_FLAG = 0;
|
|
|
|
select ' ALL ON ' || RDB$RELATION_NAME || ' to FWFRAMEWORK_OWNER;' as "GRANT"
|
|
from RDB$RELATIONS
|
|
where RDB$RELATION_NAME not starting with 'RDB$'
|
|
and RDB$RELATION_NAME not starting with 'MON$'
|
|
and RDB$RELATION_NAME not starting with 'SEC$' ;
|
|
|
|
select distinct ' ALL ON ' || RDB$VIEW_NAME || ' to FWFRAMEWORK_OWNER;' as "GRANT"
|
|
from RDB$VIEW_RELATIONS
|
|
where RDB$VIEW_NAME not starting with 'RDB$';
|
|
|
|
-- FIX ME - we need to grant admin to framework_owner, check that the full list is generated and then look
|
|
-- at revoking the output, or hard-coding the grant list
|
|
select ' usage on generator ' || trim(r.RDB$GENERATOR_NAME) || ' to ' || trim(s.SEC$USER_NAME) || ';' as "GRANT"
|
|
from RDB$GENERATORS r
|
|
cross join SEC$USERS s
|
|
where r.RDB$SYSTEM_FLAG <>1;
|
|
|
|
/*
|
|
-- Uncomment this section to grant all to public. Or use this as a
|
|
-- template to grant to specific users.
|
|
|
|
select ' ALL ON ' || RDB$RELATION_NAME || ' to public;' as "GRANT"
|
|
from RDB$RELATIONS
|
|
where RDB$RELATION_NAME not starting with 'RDB$'
|
|
and RDB$RELATION_NAME not starting with 'MON$'
|
|
and RDB$RELATION_NAME not starting with 'SEC$' ;
|
|
|
|
|
|
select distinct ' ALL ON ' || RDB$VIEW_NAME || ' to public;' as "GRANT"
|
|
from RDB$VIEW_RELATIONS
|
|
where RDB$VIEW_NAME not starting with 'RDB$';
|
|
|
|
-- This is too broad!
|
|
--select distinct ' EXECUTE ON PROCEDURE ' || RDB$PROCEDURE_NAME || ' to public;' as "GRANT"
|
|
--from RDB$PROCEDURES
|
|
--where RDB$PROCEDURE_NAME not starting with 'RDB$' and RDB$SYSTEM_FLAG = 0;
|
|
*/
|
|
|
|
output grants_isql.txt;
|
|
set echo on;
|
|
input autogrant.ddl;
|
|
commit;
|
|
|
|
|
|
|
|
|