Online Documentation for SQL Manager for InterBase/Firebird

Security management


Security for InterBase/Firebird relies on a central security database for each server host. This database contains a record for each legitimate user who has permission to connect to databases and services on that host. Each record includes the user login name and the associated encrypted password. The entries in this security database apply to all databases on the server host.

 

InterBase/Firebird manages database access permissions using the concept of users:

  • SYSDBA: a special user account that can bypass normal SQL security and perform tasks such as database backups and shutdowns. Initially this is the only authorized user; its default password is masterkey;
  • other users: created by SYSDBA on a per-server basis.

 

Embedded Database User Authentication is supported by InterBase 7.5 and later versions of InterBase.

Embedded User Authentication stores user name / password accounts in the database. This overrides the server-wide security database for user authentication. Only the database owner is allowed to administer embedded user authentication against a database. A normal user may alter the password for their user account.

Note: There are issues related to database backup/restore performed under embedded users. For details refer to the official InterBase documentation.

 

InterBase/Firebird implements features for assigning SQL privileges to groups of users. SQL roles are implemented on a per-database basis, and the implementation includes the following:

A user can belong to only one role per connection to the database and cannot change role while connected. To change role, the user must disconnect and reconnect, specifying a different role name.
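
The role model described above, written out as the SQL statements behind it and followed by two queries for reviewing what has been granted. This is an added example, not taken from the SQL Manager documentation; the names REPORT_READER, ORDERS and ALICE, the database path and the password placeholder are hypothetical, and the syntax assumes Firebird with its isql client.

```sql
-- Added example. Hypothetical names: role REPORT_READER, table ORDERS, user ALICE.
-- Steps 1, 2 and 5-7 are run by the database owner or SYSDBA; steps 3-4 by ALICE.

-- 1. Roles are per-database objects: create one and attach privileges to it.
CREATE ROLE REPORT_READER;
GRANT SELECT ON ORDERS TO REPORT_READER;

-- 2. Make the user a member of the role. The role's privileges apply
--    only to connections that name the role at connect time.
GRANT REPORT_READER TO ALICE;

-- 3. isql command: the role is chosen once per connection
--    (path and password are placeholders).
CONNECT 'localhost:/data/app.fdb' USER 'ALICE' PASSWORD '<password>' ROLE 'REPORT_READER';

-- 4. Confirm which user and role the session is actually running under.
SELECT CURRENT_USER, CURRENT_ROLE FROM RDB$DATABASE;

-- 5. Review: list every role membership recorded in this database.
--    RDB$PRIVILEGE = 'M' marks membership; RDB$RELATION_NAME holds the role name.
SELECT RDB$USER          AS GRANTEE,
       RDB$RELATION_NAME AS ROLE_NAME,
       RDB$GRANTOR       AS GRANTED_BY,
       RDB$GRANT_OPTION  AS ADMIN_OPTION
FROM RDB$USER_PRIVILEGES
WHERE RDB$PRIVILEGE = 'M'
ORDER BY RDB$RELATION_NAME, RDB$USER;

-- 6. Review: privileges granted to PUBLIC apply to every user,
--    whether or not a role was named at connect time.
SELECT RDB$PRIVILEGE, RDB$RELATION_NAME
FROM RDB$USER_PRIVILEGES
WHERE RDB$USER = 'PUBLIC';

-- 7. Withdraw the membership when it is no longer needed.
REVOKE REPORT_READER FROM ALICE;
```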

 

SQL Manager for InterBase/Firebird provides tools for efficient management of InterBase/Firebird users and SQL roles:

 

User Manager

A tool for managing InterBase/Firebird server users.

 

User Editor

A tool for editing InterBase/Firebird server users.

 

Role Manager

A tool for managing InterBase/Firebird database roles.

 

Members of Role

A tool for defining InterBase/Firebird database role members.

 

Grant Manager

Allows you to manage grants on your InterBase/Firebird database objects.

 

Adding Users

 

Editing Users

  • select the Tools | User Manager main menu item or use the corresponding toolbar button to open User Manager;
  • right-click and select the Edit User... item from the context menu or within the Navigation bar;
  • edit the user properties and membership using User Editor.

 

Deleting Users

  • select the Tools | User Manager main menu item or use the corresponding toolbar button to open User Manager;
  • right-click the user to delete and select the Delete User item from the context menu or within the Navigation bar;
  • confirm the deletion in the dialog window.

 

Adding Roles

  • select the Database | New Object... main menu item;
  • select Role in the Create New Object dialog;
  • define the role name and confirm the new role declaration in the dialog window

or

  • select the Tools | Role Manager main menu item to open Role Manager;
  • right-click and select the Add Role... item from the context menu or within the Navigation bar;
  • define the role name and confirm the new role declaration in the dialog window.

Hint: To create a new role, you can also right-click the Roles node or any object within this node in the DB Explorer tree and select the New Role... item from the context menu.

 

To create a new role with the same properties as an existing role:

Alternatively, you can right-click a role in the DB Explorer tree and select the Duplicate Role 'role_name'... context menu item.

 

The Duplicate Object Wizard lets you select the database in which to create the new role and view the resulting SQL statement for creating the role.

 

Editing Role Members

 

Deleting Roles

  • select the Tools | Role Manager main menu item to open Role Manager;
  • right-click the role to delete and select the Delete Role item from the context menu or within the Navigation bar;
  • confirm the deletion in the dialog window.

 

Managing Privileges

  • select the Tools | Grant Manager main menu item, or use the corresponding toolbar button to open Grant Manager;
  • select the object type using the drop-down list on the toolbar;
  • select a user, a role, a view, a trigger, or a procedure from the Privileges for list available within the Navigation bar;
  • edit the grantee's privileges using Grant Manager

or