community.borland.com

Article #25613: User cannot assume two roles simultaneously

Problem:
Why are ROLE privileges for one user not summarized? I mean, if user
A has the SELECT privilege in role B and UPDATE in role C, then after
the user connects to a database, roles C and B can be joined to give
user A SELECT and UPDATE privileges.

Solution:
A user can only assume the privileges of one role at a time.  In
InterBase, the user must disconnect from the database and reconnect with
a different role in order to have the privileges granted to the second
role.  So, in your example above, user A must specify EITHER role B OR
role C when connecting to the database.  This means that user A will
have the SELECT privilege from role B OR the UPDATE privilege from role
C, but NOT both.

The restriction that a user can assume only one role at a time is in
the proposed SQL standard.  The need to disconnect and reconnect in
order to specify a different role is an InterBase requirement.
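
The scenario above as an isql script. This is an added example, not part
of the original article: the table ORDERS, the database file
'example.gdb' and the passwords are constructed placeholders, and the
combined role D at the end is an assumption about how an administrator
might give user A both privileges in a single connection.

```sql
/* Added example. ORDERS, 'example.gdb' and the passwords are
   constructed placeholders, not values from the article. */

/* Administrator session: create the two roles from the article. */
CONNECT 'example.gdb' USER 'SYSDBA' PASSWORD 'placeholder';

CREATE ROLE B;
CREATE ROLE C;
GRANT SELECT ON ORDERS TO B;   /* role B carries SELECT only */
GRANT UPDATE ON ORDERS TO C;   /* role C carries UPDATE only */
GRANT B TO A;                  /* user A may assume role B ... */
GRANT C TO A;                  /* ... or role C, one per connection */
COMMIT;

/* User A, first connection: role B is the active role. */
CONNECT 'example.gdb' USER 'A' PASSWORD 'placeholder' ROLE 'B';
SELECT COUNT(*) FROM ORDERS;        /* allowed: SELECT comes from B */
UPDATE ORDERS SET STATUS = 'X';     /* refused: C is not active */

/* To use role C, user A has to reconnect and name it. */
CONNECT 'example.gdb' USER 'A' PASSWORD 'placeholder' ROLE 'C';
UPDATE ORDERS SET STATUS = 'X';     /* allowed: UPDATE comes from C */
SELECT COUNT(*) FROM ORDERS;        /* refused: B is not active */
ROLLBACK;

/* Assumption (not from the article): if user A really needs both
   privileges at once, grant them to one dedicated role instead of
   expecting B and C to be merged. */
CONNECT 'example.gdb' USER 'SYSDBA' PASSWORD 'placeholder';
CREATE ROLE D;
GRANT SELECT, UPDATE ON ORDERS TO D;
GRANT D TO A;
COMMIT;

CONNECT 'example.gdb' USER 'A' PASSWORD 'placeholder' ROLE 'D';
SELECT COUNT(*) FROM ORDERS;        /* allowed */
UPDATE ORDERS SET STATUS = 'X';     /* allowed */
ROLLBACK;
```

Keeping B and C separate and adding D only for the accounts that need
both keeps each connection limited to the privileges of the role it
named.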


Last Modified: 26-OCT-00