Default administrator is not part of PUBLIC role

[prrvchr]

Hi all,

I use H2 in embedded mode.
I connect to the database with an URL and a property user set to SA.
This does indeed create an SA administrator when connecting to the database if it does not exist.

But this does not add it to the PUBLIC role.
Would it be possible for it to be added to the PUBLIC role when it is created?

Thanks.

[katzyn]

Why it should? PUBLIC is not an ordinal role. Actually a role with such name may not exist, the SQL Standard forbids creation of authorization identifiers with this name, but requires that privileges grated to PUBLIC must be available for all authorization identifiers.

H2 has an internal role with this name, but you shouldn't ever try to grant it to anyone. H2 actually must reject such grants immediately, but such check is missing, so there is bug. This role also shouldn't appear in lists of roles.

[prrvchr]

Hi katzyn,

Normally I am able to manage privileges in Base.
The GRANT and DROP assignment does not pose a problem.
But in addition to assigning privileges I must be able to know the privileges attributable by the current connected user (ie: SA).
This allows or not to enable the checkbox assignment of the appropriate privileges in the graphical interface.

If SA is not part of PUBLIC role he appears to have no right to assign privileges.
If it is part of the PUBLIC role then it is able to assign privileges...
Perhaps these two things are not related.

[prrvchr]

I can make Base believe that the connected user has all rights.

This poses the problem of a less user-friendly interface since it gives the impression that privileges can be modified when they are not (ie: privileges on system tables)