firebird icon indicating copy to clipboard operation
firebird copied to clipboard
verified publisher icon FirebirdSQL

Default GRANT on ALL objects of a certain type

Open arkinform opened this issue 7 months ago • 2 comments

In Postgres there is a GRANT syntax for all object of a certain type including all future objects https://www.postgresql.org/docs/current/sql-alterdefaultprivileges.html. For example:

GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO myuser;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO myuser;

Schemas are not supported in Firebird at present, but it does not matter for the current task.

This syntax can be very useful if it is necessary to create separate database user in addition to the database owner, for example, for some application server access, with full read-write access but without access to alter metadata. At present we have to update grants explicitly after every database metadata upgrade.

arkinform avatar Jun 01 '25 10:06 arkinform

Yes, this is what is called "security".

aafemt avatar Jun 01 '25 10:06 aafemt

We have System Privileges for such purposes, which are given to roles. Besides, the schematics are coming soon, so it's worth waiting.

sim1984 avatar Jun 01 '25 10:06 sim1984