Who Can Create a Mapping
The CREATE MAPPING
statement can be executed by:
-
The database owner — if the mapping is local
-
Users with the
CHANGE_MAPPING_RULES
system privilege — if the mapping is local
The CREATE MAPPING
statement can be executed by:
The database owner — if the mapping is local
Users with the CHANGE_MAPPING_RULES
system privilege — if the mapping is local
CREATE MAPPING
examplesEnable use of Windows trusted authentication in all databases that use the current security database:
CREATE GLOBAL MAPPING TRUSTED_AUTH
USING PLUGIN WIN_SSPI
FROM ANY USER
TO USER;
Enable RDB$ADMIN access for windows admins in the current database:
CREATE MAPPING WIN_ADMINS
USING PLUGIN WIN_SSPI
FROM Predefined_Group
DOMAIN_ANY_RID_ADMINS
TO ROLE RDB$ADMIN;
Note
|
The group |
Enable a particular user from another database to access the current database with another name:
CREATE MAPPING FROM_RT
USING PLUGIN SRP IN "rt"
FROM USER U1 TO USER U2;
Important
|
Database names or aliases will need to be enclosed in double quotes on operating systems that have case-sensitive file names. |
Enable the server’s SYSDBA (from the main security database) to access the current database.(Assume that the database is using a non-default security database):
CREATE MAPPING DEF_SYSDBA
USING PLUGIN SRP IN "security.db"
FROM USER SYSDBA
TO USER;
Ensure users who logged in using the legacy authentication plugin do not have too many privileges:
CREATE MAPPING LEGACY_2_GUEST
USING PLUGIN legacy_auth
FROM ANY USER
TO USER GUEST;