TOP をテンプレートにして作成
ホーム
バックアップ
一覧
検索
最終更新
ヘルプ
ログイン
開始行
Administrative Features
Table of Contents
New RDB$ADMIN System Role
Trace and Audit Services
Monitoring Improvements
Certain improvements to Firebird's administrative feature...
New RDB$ADMIN System Role
Alex Peshkov
Multiple Databases and Superusers
System “Superusers”
Escalating RDB$ADMIN Scope for User Management
A new pre-defined system role RDB$ADMIN has been added fo...
To assign it, SYSDBA should log in to that database and g...
Important
If the user attaches with a user database role passed in ...
The following example transfers SYSDBA privileges to user...
GRANT RDB$ADMIN TO User1;
GRANT RDB$ADMIN TO "Admins\ADMINS";
Multiple Databases and Superusers
It should be understood that acquiring the RDB$ADMIN role...
If the same user needs Superuser privileges in more than ...
If more than one user is to have Superuser privileges in ...
One user that has acquired the RDB$ADMIN role in the data...
It is not necessary to specify WITH ADMIN OPTION (for the...
System “Superusers”
On POSIX hosts, the root user always had SYSDBA privilege...
Windows trusted user authentication is no longer availabl...
By default, the Authentication parameter in firebird.conf...
Global Admin Privileges for Windows Administrators
For a trusted domain administrator to get SYSDBA access p...
However, there is a way for the SYSDBA to configure the s...
ALTER ROLE Statement
To configure a database to map the RDB$ADMIN role to admi...
ALTER ROLE RDB$ADMIN
SET AUTO ADMIN MAPPING;
To revert to the default setting, preventing administrato...
ALTER ROLE RDB$ADMIN
DROP AUTO ADMIN MAPPING;
Services API Tag Items
The same effects are supported in the Services API by the...
These tags are supported in the fbsvcmgr utility.
Escalating RDB$ADMIN Scope for User Management
The new DDL command ALTER USER enables an “ordinary” user...
Because security2.fdb is created as (or should be upgrade...
Use the optional parameter GRANT ADMIN ROLE with a CREATE...
Notes
Notice that GRANT ADMIN ROLE and REVOKE ADMIN ROLE here a...
Any user that acquires the RDB$ADMIN role in a database i...
Examples
To grant the RDB$ADMIN role to user alex in the security ...
ALTER USER alex GRANT ADMIN ROLE;
To revoke the RDB$ADMIN role from user alex in the securi...
ALTER USER alex REVOKE ADMIN ROLE;
To drop user alex and destroy his privileges in all datab...
DROP USER alex;
Use the gsec utility with the new switch -admin. The swit...
Use the new SPB parameter isc_spb_sec_admin which impleme...
The fbsvmgr utility also supports the use of this parameter.
Tip
Firebird 2.5 does not allow you to set up more than one s...
In future, it will be essential to send these requests fr...
Trace and Audit Services
Vlad Khorsun
Overview of Features
The System Audit Session
User Trace Sessions
Trace Scope on Windows
Use Cases
Trace Plug-in Facilities
The new trace and audit facilities in v.2.5 were initiall...
Overview of Features
The new trace and audit facilities enable various events ...
A trace takes place in the context of a trace session. Ea...
The Firebird engine has a fixed list of events it can tra...
Tip
Every trace session is assigned a unique session ID. When...
Trace session ID nnnn started
where nnnn is the ID, of course.
The System Audit Session
A system audit session is started by the engine itself. T...
A new parameter in firebird.conf, AuditTraceConfigFile po...
A configuration file contains list of traced events and p...
Tip About the fbtrace.conf File
The file contains a large amount of commented text explai...
For example, a late pre-release enhancement enables Servi...
As another example, the matching algorithm for path names...
User Trace Sessions
A user trace session is managed by user, using some new c...
start: isc_action_svc_trace_start
stop: isc_action_svc_trace_stop
suspend: isc_action_svc_trace_suspend
resume: isc_action_svc_trace_resume
list all known trace sessions: isc_action_svc_trace_list
The syntax for the Services API calls are discussed in th...
Workings of a User Trace Session
When a user application starts a trace session, it sets a...
Note
Such files obviously do not live on the server. It will b...
For example, the command-line fbsvcmgr utility supports a...
The output of a user session is stored in set of temporar...
Once the user trace session service has been started by t...
At the point where the application decides to stop its tr...
Tip
The name of the character set of the attachment is includ...
A.FDB (ATT_36, SYSDBA:NONE, WIN1251, TCPv4:127.0.0.1)
If no character set is specified in the DPB, NONE is writ...
(CORE-3008)
Who Can Manage Trace Sessions?
Any user can initiate and manage a trace session. An ordi...
Abnormal Endings
If all Firebird processes are stopped, no user trace sess...
Note
This situation doesn't apply to the Classic server, of co...
User Trace Sample Configuration Texts
The following samples provide a reference for composing c...
Trace prepare, free and execution of all statements withi...
<database mydatabase.fdb>
enabled true
connection_id 12345
log_statement_prepare true
log_statement_free true
log_statement_start true
log_statement_finish true
time_threshold 0
</database>
Trace all connections of given user to database mydatabas...
<database mydatabase.fdb>
enabled true
include_filter %(INSERT|UPDATE|DELETE)%
log_statement_finish true
log_procedure_finish true
log_trigger_finish true
print_plan true
print_perf true
time_threshold 0
</database>
Command-line Requests for User Trace Services
A new command-line utility, named fbtracemgr, has been ad...
As well, the general Services utility, fbsvcmgr, can be u...
Start a user trace named “My trace” using a configuration...
fbsvcmgr service_mgr action_trace_start trc_name "My tr...
To stop this trace session, press Ctrl+C at the fbsvcmgr ...
List trace sessions:
fbsvcmgr service_mgr action_trace_list
Suspend trace sesson with ID 1
fbsvcmgr service_mgr action_trace_suspend trc_id 1
Resume trace sesson with ID 1
fbsvcmgr service_mgr action_trace_resume trc_id 1
Stop trace sesson with ID 1
fbsvcmgr service_mgr action_trace_stop trc_id 1
Tip
List sessions (see b.) in another console, look for the I...
Trace Scope on Windows
Tracker reference CORE-2588
On Windows, the trace tools exhibit shared memory conflic...
Use Cases
There are three general use cases:
Constant audit of engine activity
This is served by system audit trace. Administrator creat...
Important
To make audit configuration changes known to the engine, ...
On-demand interactive trace of some (or all) activity in ...
An application (which could be the fbtracemgr utility) st...
Engine activity collection for a significant period of ti...
An application starts a user trace session, reading the t...
Trace Plug-in Facilities
A new Trace API will provide a set of hooks which can be ...
This Trace API exists in Firebird 2.5 and is in use. Howe...
The implemented “standard” trace plug-in, fbtrace.dll (.s...
Monitoring Improvements
Dmitry Yemanov
Extended Access for Ordinary Users
New MON$ Metadata for ODS 11.2 Databases
Usage Notes
Firebird 2.5 sees the enhancement of the “MON$” database ...
Extended Access for Ordinary Users
The original design allowed non-privileged database users...
Tracker reference CORE-2233.
Notes
For an application architecture that entails a middleware...
The same extension was implemented in V.2.1.2.
New MON$ Metadata for ODS 11.2 Databases
Note
For the ODS 11.1 metadata please refer to the V.2.1 docum...
Character Set Change for MON$ Metadata
The system domain RDB$FILE_NAME2, that is used to define ...
(Tracker entry CORE-2551, A. dos Santos Fernandes)
MON$MEMORY_USAGE (current memory usage)
- MON$STAT_ID (statistics ID)
- MON$STAT_GROUP (statistics group)
0: database
1: attachment
2: transaction
3: statement
4: call
- MON$MEMORY_USED (number of bytes currently in use)
High-level memory allocations performed by the ...
Can be useful for tracing memory leaks and for ...
memory consumption and the attachments, procedu...
be responsible for it.
- MON$MEMORY_ALLOCATED (number of bytes currently a...
Low-level memory allocations performed by the F...
These are bytes actually allocated by the opera...
the physical memory consumption to be monitored.
Note
Not all records have non-zero values. On the whole, only ...
- MON$MAX_MEMORY_USED (maximum number of bytes used...
- MON$MAX_MEMORY_ALLOCATED (maximum number of bytes...
the operating system by this object)
MON$CONTEXT_VARIABLES (known context variables)
- MON$ATTACHMENT_ID (attachment ID)
Contains a valid ID only for session-level cont...
Transaction-level variables have this field set...
- MON$TRANSACTION_ID (transaction ID)
Contains a valid ID only for transaction-level ...
Session-level variables have this field set to ...
- MON$VARIABLE_NAME (name of context variable)
- MON$VARIABLE_VALUE (value of context variable)
Memory Usage in MON$STATEMENTS and MON$STATE
Memory usage statistics in MON$STATEMENTS and MON$STATE r...
Tracker reference: CORE-1583)
Usage Notes
Examples
“Top 10” statements ranked according to their memory usage:
SELECT FIRST 10
STMT.MON$ATTACHMENT_ID,
STMT.MON$SQL_TEXT,
MEM.MON$MEMORY_USED
FROM MON$MEMORY_USAGE MEM
NATURAL JOIN MON$STATEMENTS STMT
ORDER BY MEM.MON$MEMORY_USED DESC
To enumerate all session-level context variables for the ...
SELECT
VAR.MON$VARIABLE_NAME,
VAR.MON$VARIABLE_VALUE
FROM MON$CONTEXT_VARIABLES VAR
WHERE VAR.MON$ATTACHMENT_ID = CURRENT_CONNECTION
Terminating a Client
The MON$ structures are, by design, read-only. Thus, user...
To cancel all current activity for a specified connection:
DELETE FROM MON$STATEMENTS
WHERE MON$ATTACHMENT_ID = 32
To disconnect all clients except the “Me” connection:
DELETE FROM MON$ATTACHMENTS
WHERE MON$ATTACHMENT_ID <> CURRENT_CONNECTION
Note
A statement cancellation attempt becomes a void operation...
Upon cancellation, the execute/fetch API call returns the...
Subsequent operations are allowed.
Any active transactions in the connection being terminate...
Once terminated, the client session receives the isc_att_...
Subsequent attempts to use this connection handle will ca...
最終行:
Administrative Features
Table of Contents
New RDB$ADMIN System Role
Trace and Audit Services
Monitoring Improvements
Certain improvements to Firebird's administrative feature...
New RDB$ADMIN System Role
Alex Peshkov
Multiple Databases and Superusers
System “Superusers”
Escalating RDB$ADMIN Scope for User Management
A new pre-defined system role RDB$ADMIN has been added fo...
To assign it, SYSDBA should log in to that database and g...
Important
If the user attaches with a user database role passed in ...
The following example transfers SYSDBA privileges to user...
GRANT RDB$ADMIN TO User1;
GRANT RDB$ADMIN TO "Admins\ADMINS";
Multiple Databases and Superusers
It should be understood that acquiring the RDB$ADMIN role...
If the same user needs Superuser privileges in more than ...
If more than one user is to have Superuser privileges in ...
One user that has acquired the RDB$ADMIN role in the data...
It is not necessary to specify WITH ADMIN OPTION (for the...
System “Superusers”
On POSIX hosts, the root user always had SYSDBA privilege...
Windows trusted user authentication is no longer availabl...
By default, the Authentication parameter in firebird.conf...
Global Admin Privileges for Windows Administrators
For a trusted domain administrator to get SYSDBA access p...
However, there is a way for the SYSDBA to configure the s...
ALTER ROLE Statement
To configure a database to map the RDB$ADMIN role to admi...
ALTER ROLE RDB$ADMIN
SET AUTO ADMIN MAPPING;
To revert to the default setting, preventing administrato...
ALTER ROLE RDB$ADMIN
DROP AUTO ADMIN MAPPING;
Services API Tag Items
The same effects are supported in the Services API by the...
These tags are supported in the fbsvcmgr utility.
Escalating RDB$ADMIN Scope for User Management
The new DDL command ALTER USER enables an “ordinary” user...
Because security2.fdb is created as (or should be upgrade...
Use the optional parameter GRANT ADMIN ROLE with a CREATE...
Notes
Notice that GRANT ADMIN ROLE and REVOKE ADMIN ROLE here a...
Any user that acquires the RDB$ADMIN role in a database i...
Examples
To grant the RDB$ADMIN role to user alex in the security ...
ALTER USER alex GRANT ADMIN ROLE;
To revoke the RDB$ADMIN role from user alex in the securi...
ALTER USER alex REVOKE ADMIN ROLE;
To drop user alex and destroy his privileges in all datab...
DROP USER alex;
Use the gsec utility with the new switch -admin. The swit...
Use the new SPB parameter isc_spb_sec_admin which impleme...
The fbsvmgr utility also supports the use of this parameter.
Tip
Firebird 2.5 does not allow you to set up more than one s...
In future, it will be essential to send these requests fr...
Trace and Audit Services
Vlad Khorsun
Overview of Features
The System Audit Session
User Trace Sessions
Trace Scope on Windows
Use Cases
Trace Plug-in Facilities
The new trace and audit facilities in v.2.5 were initiall...
Overview of Features
The new trace and audit facilities enable various events ...
A trace takes place in the context of a trace session. Ea...
The Firebird engine has a fixed list of events it can tra...
Tip
Every trace session is assigned a unique session ID. When...
Trace session ID nnnn started
where nnnn is the ID, of course.
The System Audit Session
A system audit session is started by the engine itself. T...
A new parameter in firebird.conf, AuditTraceConfigFile po...
A configuration file contains list of traced events and p...
Tip About the fbtrace.conf File
The file contains a large amount of commented text explai...
For example, a late pre-release enhancement enables Servi...
As another example, the matching algorithm for path names...
User Trace Sessions
A user trace session is managed by user, using some new c...
start: isc_action_svc_trace_start
stop: isc_action_svc_trace_stop
suspend: isc_action_svc_trace_suspend
resume: isc_action_svc_trace_resume
list all known trace sessions: isc_action_svc_trace_list
The syntax for the Services API calls are discussed in th...
Workings of a User Trace Session
When a user application starts a trace session, it sets a...
Note
Such files obviously do not live on the server. It will b...
For example, the command-line fbsvcmgr utility supports a...
The output of a user session is stored in set of temporar...
Once the user trace session service has been started by t...
At the point where the application decides to stop its tr...
Tip
The name of the character set of the attachment is includ...
A.FDB (ATT_36, SYSDBA:NONE, WIN1251, TCPv4:127.0.0.1)
If no character set is specified in the DPB, NONE is writ...
(CORE-3008)
Who Can Manage Trace Sessions?
Any user can initiate and manage a trace session. An ordi...
Abnormal Endings
If all Firebird processes are stopped, no user trace sess...
Note
This situation doesn't apply to the Classic server, of co...
User Trace Sample Configuration Texts
The following samples provide a reference for composing c...
Trace prepare, free and execution of all statements withi...
<database mydatabase.fdb>
enabled true
connection_id 12345
log_statement_prepare true
log_statement_free true
log_statement_start true
log_statement_finish true
time_threshold 0
</database>
Trace all connections of given user to database mydatabas...
<database mydatabase.fdb>
enabled true
include_filter %(INSERT|UPDATE|DELETE)%
log_statement_finish true
log_procedure_finish true
log_trigger_finish true
print_plan true
print_perf true
time_threshold 0
</database>
Command-line Requests for User Trace Services
A new command-line utility, named fbtracemgr, has been ad...
As well, the general Services utility, fbsvcmgr, can be u...
Start a user trace named “My trace” using a configuration...
fbsvcmgr service_mgr action_trace_start trc_name "My tr...
To stop this trace session, press Ctrl+C at the fbsvcmgr ...
List trace sessions:
fbsvcmgr service_mgr action_trace_list
Suspend trace sesson with ID 1
fbsvcmgr service_mgr action_trace_suspend trc_id 1
Resume trace sesson with ID 1
fbsvcmgr service_mgr action_trace_resume trc_id 1
Stop trace sesson with ID 1
fbsvcmgr service_mgr action_trace_stop trc_id 1
Tip
List sessions (see b.) in another console, look for the I...
Trace Scope on Windows
Tracker reference CORE-2588
On Windows, the trace tools exhibit shared memory conflic...
Use Cases
There are three general use cases:
Constant audit of engine activity
This is served by system audit trace. Administrator creat...
Important
To make audit configuration changes known to the engine, ...
On-demand interactive trace of some (or all) activity in ...
An application (which could be the fbtracemgr utility) st...
Engine activity collection for a significant period of ti...
An application starts a user trace session, reading the t...
Trace Plug-in Facilities
A new Trace API will provide a set of hooks which can be ...
This Trace API exists in Firebird 2.5 and is in use. Howe...
The implemented “standard” trace plug-in, fbtrace.dll (.s...
Monitoring Improvements
Dmitry Yemanov
Extended Access for Ordinary Users
New MON$ Metadata for ODS 11.2 Databases
Usage Notes
Firebird 2.5 sees the enhancement of the “MON$” database ...
Extended Access for Ordinary Users
The original design allowed non-privileged database users...
Tracker reference CORE-2233.
Notes
For an application architecture that entails a middleware...
The same extension was implemented in V.2.1.2.
New MON$ Metadata for ODS 11.2 Databases
Note
For the ODS 11.1 metadata please refer to the V.2.1 docum...
Character Set Change for MON$ Metadata
The system domain RDB$FILE_NAME2, that is used to define ...
(Tracker entry CORE-2551, A. dos Santos Fernandes)
MON$MEMORY_USAGE (current memory usage)
- MON$STAT_ID (statistics ID)
- MON$STAT_GROUP (statistics group)
0: database
1: attachment
2: transaction
3: statement
4: call
- MON$MEMORY_USED (number of bytes currently in use)
High-level memory allocations performed by the ...
Can be useful for tracing memory leaks and for ...
memory consumption and the attachments, procedu...
be responsible for it.
- MON$MEMORY_ALLOCATED (number of bytes currently a...
Low-level memory allocations performed by the F...
These are bytes actually allocated by the opera...
the physical memory consumption to be monitored.
Note
Not all records have non-zero values. On the whole, only ...
- MON$MAX_MEMORY_USED (maximum number of bytes used...
- MON$MAX_MEMORY_ALLOCATED (maximum number of bytes...
the operating system by this object)
MON$CONTEXT_VARIABLES (known context variables)
- MON$ATTACHMENT_ID (attachment ID)
Contains a valid ID only for session-level cont...
Transaction-level variables have this field set...
- MON$TRANSACTION_ID (transaction ID)
Contains a valid ID only for transaction-level ...
Session-level variables have this field set to ...
- MON$VARIABLE_NAME (name of context variable)
- MON$VARIABLE_VALUE (value of context variable)
Memory Usage in MON$STATEMENTS and MON$STATE
Memory usage statistics in MON$STATEMENTS and MON$STATE r...
Tracker reference: CORE-1583)
Usage Notes
Examples
“Top 10” statements ranked according to their memory usage:
SELECT FIRST 10
STMT.MON$ATTACHMENT_ID,
STMT.MON$SQL_TEXT,
MEM.MON$MEMORY_USED
FROM MON$MEMORY_USAGE MEM
NATURAL JOIN MON$STATEMENTS STMT
ORDER BY MEM.MON$MEMORY_USED DESC
To enumerate all session-level context variables for the ...
SELECT
VAR.MON$VARIABLE_NAME,
VAR.MON$VARIABLE_VALUE
FROM MON$CONTEXT_VARIABLES VAR
WHERE VAR.MON$ATTACHMENT_ID = CURRENT_CONNECTION
Terminating a Client
The MON$ structures are, by design, read-only. Thus, user...
To cancel all current activity for a specified connection:
DELETE FROM MON$STATEMENTS
WHERE MON$ATTACHMENT_ID = 32
To disconnect all clients except the “Me” connection:
DELETE FROM MON$ATTACHMENTS
WHERE MON$ATTACHMENT_ID <> CURRENT_CONNECTION
Note
A statement cancellation attempt becomes a void operation...
Upon cancellation, the execute/fetch API call returns the...
Subsequent operations are allowed.
Any active transactions in the connection being terminate...
Once terminated, the client session receives the isc_att_...
Subsequent attempts to use this connection handle will ca...
ページ名:
新規
名前変更
ホーム
一覧
検索
最終更新
バックアップ
ヘルプ
最終更新のRSS