An administrator is a user that has sufficient rights to read, write to, create, alter or delete any object in a database to which that user’s administrator status applies.The table summarises how “superuser” privileges are enabled in the various Firebird security contexts.
Table 1. Administrator (“Superuser”) Characteristics
User |
RDB$ADMIN Role |
Comments |
SYSDBA
|
Auto |
Exists automatically at server level.Has full privileges to all objects in all databases.Can create, alter and drop users, but has no direct remote access to the security database |
root user on POSIX |
Auto |
Exactly like SYSDBA .Firebird Embedded only. |
Superuser on POSIX |
Auto |
Exactly like SYSDBA .Firebird Embedded only. |
Windows Administrator |
Set as CURRENT_ROLE if login succeeds |
Exactly like SYSDBA if the following are all true:
-
In firebird.conf file, AuthServer includes Win_Sspi , and Win_Sspi is present in the client-side plugins (AuthClient ) configuration
-
In databases where AUTO ADMIN MAPPING is enabled, or an equivalent mapping of the predefined group DOMAIN_ANY_RID_ADMINS for the role RDB$ADMIN exists
-
No role is specified at login
|
Database owner |
Auto |
Like SYSDBA , but only in the databases they own |
Regular user |
Must be previously granted;must be supplied at login or have been granted as a default role |
Like SYSDBA , but only in the databases where the role is granted |
POSIX OS user |
Must be previously granted;must be supplied at login or have been granted as a default role |
Like SYSDBA , but only in the databases where the role is granted.Firebird Embedded only. |
Windows user |
Must be previously granted;must be supplied at login |
Like SYSDBA , but only in the databases where the role is granted.Only available if in firebird.conf file, AuthServer includes Win_Sspi , and Win_Sspi is present in the client-side plugins (AuthClient ) configuration |