MyFirstUDRKit/test/grants.ddl
2023-01-25 14:54:48 +01:00

106 lines
3.5 KiB
SQL

-- exit;
/*
* Initial Developer's Public License.
* The contents of this file are subject to the Initial Developer's Public
* License Version 1.0 (the "License"). You may not use this file except
* in compliance with the License. You may obtain a copy of the License at
* http://www.ibphoenix.com?a=ibphoenix&page=ibp_idpl
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is copyright 2004-2020 Paul Reeves.
*
* The Initial Developer of the Original Code is Paul Reeves
*
* All Rights Reserved.
*
*/
set list on;
set echo off;
-- These files should be deleted by the calling batch file
-- however if this script is run standalone then uncomment these lines.
--shell del autogrant.ddl;
--shell del grants_isql.txt;
output autogrant.ddl;
select distinct ' EXECUTE ON PROCEDURE ' || RDB$PROCEDURE_NAME || ' to SYSDBA;' as "GRANT"
from RDB$PROCEDURES
where RDB$PROCEDURE_NAME not starting with 'RDB$' and RDB$SYSTEM_FLAG = 0;
select distinct ' EXECUTE ON FUNCTION ' || RDB$FUNCTION_NAME || ' to SYSDBA;' as "GRANT"
from RDB$FUNCTIONS
where RDB$FUNCTION_NAME not starting with 'RDB$' and RDB$SYSTEM_FLAG = 0;
select ' ALL ON ' || RDB$RELATION_NAME || ' to SYSDBA;' as "GRANT"
from RDB$RELATIONS
where RDB$RELATION_NAME not starting with 'RDB$'
and RDB$RELATION_NAME not starting with 'MON$'
and RDB$RELATION_NAME not starting with 'SEC$' ;
select distinct ' ALL ON ' || RDB$VIEW_NAME || ' to SYSDBA;' as "GRANT"
from RDB$VIEW_RELATIONS
where RDB$VIEW_NAME not starting with 'RDB$';
select distinct ' EXECUTE ON PROCEDURE ' || RDB$PROCEDURE_NAME || ' to FWFRAMEWORK_OWNER;' as "GRANT"
from RDB$PROCEDURES
where RDB$PROCEDURE_NAME not starting with 'RDB$' and RDB$SYSTEM_FLAG = 0;
select distinct ' EXECUTE ON FUNCTION ' || RDB$FUNCTION_NAME || ' to FWFRAMEWORK_OWNER;' as "GRANT"
from RDB$FUNCTIONS
where RDB$FUNCTION_NAME not starting with 'RDB$' and RDB$SYSTEM_FLAG = 0;
select ' ALL ON ' || RDB$RELATION_NAME || ' to FWFRAMEWORK_OWNER;' as "GRANT"
from RDB$RELATIONS
where RDB$RELATION_NAME not starting with 'RDB$'
and RDB$RELATION_NAME not starting with 'MON$'
and RDB$RELATION_NAME not starting with 'SEC$' ;
select distinct ' ALL ON ' || RDB$VIEW_NAME || ' to FWFRAMEWORK_OWNER;' as "GRANT"
from RDB$VIEW_RELATIONS
where RDB$VIEW_NAME not starting with 'RDB$';
-- FIX ME - we need to grant admin to framework_owner, check that the full list is generated and then look
-- at revoking the output, or hard-coding the grant list
select ' usage on generator ' || trim(r.RDB$GENERATOR_NAME) || ' to ' || trim(s.SEC$USER_NAME) || ';' as "GRANT"
from RDB$GENERATORS r
cross join SEC$USERS s
where r.RDB$SYSTEM_FLAG <>1;
/*
-- Uncomment this section to grant all to public. Or use this as a
-- template to grant to specific users.
select ' ALL ON ' || RDB$RELATION_NAME || ' to public;' as "GRANT"
from RDB$RELATIONS
where RDB$RELATION_NAME not starting with 'RDB$'
and RDB$RELATION_NAME not starting with 'MON$'
and RDB$RELATION_NAME not starting with 'SEC$' ;
select distinct ' ALL ON ' || RDB$VIEW_NAME || ' to public;' as "GRANT"
from RDB$VIEW_RELATIONS
where RDB$VIEW_NAME not starting with 'RDB$';
-- This is too broad!
--select distinct ' EXECUTE ON PROCEDURE ' || RDB$PROCEDURE_NAME || ' to public;' as "GRANT"
--from RDB$PROCEDURES
--where RDB$PROCEDURE_NAME not starting with 'RDB$' and RDB$SYSTEM_FLAG = 0;
*/
output grants_isql.txt;
set echo on;
input autogrant.ddl;
commit;