Problem: Why ROLEs privileges for one user are not summarized? I mean if user A has SELECT privilege in role B, and UPDATE in role C, after user connects to a database roles C and B can be joined to give user A SELECT and UPDATE privileges. Solution: A user can only assume the privileges of one role at a time. In InterBase the user must disconnect from the database and reconnect with a different role in order to have the privileges granted to the second role. So, from your example above user A must specify EITHER role B or role C when connecting to the database. This means that user A will have the SELECT privilege from role B OR the UPDATE privilege from role C, but NOT both. The part about only allowing a user to assume one role at a time is in the proposed SQL standard. The part about having to disconnect and reconnect to specify a different role is an InterBase requirement.
Last Modified: 26-OCT-00