RDB$ADMIN can't restore a database, which worked in Firebird 3 alpha build 31152.
Used isql of Firebird3 beta as sysdba to setup a new user xy, made xy admin by doing grant RDB$ADMIN to xy; alter user xy grant admin role.
This new user, although admin, is not allowed to restore a database. Verified in isql that xy is RDB$ADMIN by doing select * from sec$users.
This user does not have privilege to perform this operation on this http://object.no permission for CREATE access to DATABASE C:\WEB\DATA\DATA4.FDB.
sysdba *can* restore this database. xy *can* restore using gbak -C ... -role RDB$ADMIN ...
firebird.conf is modified, since I use legacy applications (php, Flamerobin, SQLHammer)
> if "xy *can* restore using gbak -C ... -role RDB$ADMIN" what is a problem?
applications do not always have access to the command line, it should not be necessary for restore.
But the point is, it seems that the RDB$ADMIN role is not properly conveyed from an application to the server, or for some other reason the server does not apply the admin role.
Please try this in Flamerobin: connect as a user who is rdb$admin, use this role, and
create user abc password 'xxx'
Engine Code : 336723987
Engine Message :
add record error
no permission for INSERT access to TABLE PLG$VIEW_USERS
unknown ISC error 0
related: admin xy only sees his own record when doing select sec$user_name from sec$users in Flamerobin. Running the same query in isql as admin xy shows all users.
> using legacy applications you still can use new security model. They should work wih fresh fbclient. If not - it's a bug.
this is the complete error msg trying to restore using Flamerobin
Engine Code : 335544352
Engine Message :
no permission for CREATE access to DATABASE data5
failed to create database data5
unknown ISC error 336330835
I've made required fixes to firebird but that DOES NOT mean that it will be AT ONCE possible to restore database using flamerobin as you want. Some fixes are needed in flamerobin to make it learn to pass role name when restoring database (and to other services).