FirebirdSQL logo

The names of the security tables have SEC$ as prefix.They display data from the current security database.These tables are virtual in the sense that before access by the user, no data is recorded in them.They are filled with data at the time of user request.However, the descriptions of these tables are constantly present in the database.In this sense, these virtual tables are like tables of the MON$-family used to monitor the server.

Security
  • SYSDBA, users with the RDB$ADMIN role in the security database and the current database, and the owner of the security database have full access to all information provided by the security tables.

  • Regular users can only see information on themselves, other users are not visible.

Important

These features are highly dependent on the user management plugin.Keep in mind that some options are ignored when using a legacy control plugin users.

List of security tables
[fblangref50-appx06-dbcreators]

Lists users and roles granted the CREATE DATABASE privilege

[fblangref50-appx06-authmapping]

Information about global authentication mappings

[fblangref50-appx06-users]

Lists users in the current security database

[fblangref50-appx06-userattr]

Additional attributes of users

SEC$DB_CREATORS

Lists users and roles granted the CREATE DATABASE privilege.

Column Name Data Type Description

SEC$USER

CHAR(63)

Name of the user or role

SEC$USER_TYPE

SMALLINT

Type of user:

8 - user
13 - role

docnext count = 3

SEC$GLOBAL_AUTH_MAPPING

Lists users and roles granted the CREATE DATABASE privilege.

Column Name Data Type Description

SEC$MAP_NAME

CHAR(63)

Name of the mapping

SEC$MAP_USING

CHAR(1)

Using definition:

P - plugin (specific or any)
S - any plugin serverwide
M - mapping
* - any method

SEC$MAP_PLUGIN

CHAR(63)

Mapping applies for authentication information from this specific plugin

SEC$MAP_DB

CHAR(63)

Mapping applies for authentication information from this specific database

SEC$MAP_FROM_TYPE

CHAR(63)

The type of authentication object (defined by plugin) to map from, or * for any type

SEC$MAP_FROM

CHAR(255)

The name of the authentication object to map from

SEC$MAP_TO_TYPE

SMALLINT Nullable

The type to map to

0 - USER
1 - ROLE

SEC$MAP_TO

CHAR(63)

The name to map to

SEC$DESCRIPTION

BLOB TEXT

Comment on the mapping

SEC$USERS

Lists users in the current security database.

Column Name Data Type Description

SEC$USER_NAME

CHAR(63)

Username

SEC$FIRST_NAME

VARCHAR(32)

First name

SEC$MIDDLE_NAME

VARCHAR(32)

Middle name

SEC$LAST_NAME

VARCHAR(32)

Last name

SEC$ACTIVE

BOOLEAN

true - active, false - inactive

SEC$ADMIN

BOOLEAN

true - user has admin role in security database, false otherwise

SEC$DESCRIPTION

BLOB TEXT

Description (comment) on the user

SEC$PLUGIN

CHAR(63)

Authentication plugin name that manages this user

Important

Multiple users can exist with the same username, each managed by a different authentication plugin.

SEC$USER_ATTRIBUTES

Additional attributes of users

Column Name Data Type Description

SEC$USER_NAME

CHAR(63)

Username

SEC$KEY

VARCHAR(63)

Attribute name

SEC$VALUE

VARCHAR(255)

Attribute value

SEC$PLUGIN

CHAR(63)

Authentication plugin name that manages this user

Displaying a list of users and their attributes
SELECT
  U.SEC$USER_NAME AS LOGIN,
  A.SEC$KEY AS TAG,
  A.SEC$VALUE AS "VALUE",
  U.SEC$PLUGIN AS "PLUGIN"
FROM SEC$USERS U
LEFT JOIN SEC$USER_ATTRIBUTES A
  ON U.SEC$USER_NAME = A.SEC$USER_NAME
    AND U.SEC$PLUGIN = A.SEC$PLUGIN;

LOGIN    TAG     VALUE   PLUGIN
======== ======= ======= ===================
SYSDBA   <null>  <null>  Srp
ALEX     B       x       Srp
ALEX     C       sample  Srp
SYSDBA   <null>  <null>  Legacy_UserManager