ActiveSpaces Custom Roles
Permission checking introduces two new roles that are specific to ActiveSpaces. These roles must be configured in the FTL Server.
The tibdg-internal Role
When permission checking is enabled, to run a node, proxy or state keeper, you must have the
tibdg-internal role in addition to any other roles required to start up the process with authentication and authorization. If you do not have this role, the process exits during startup. For more information, see
Authorization Groups.The tibdg-ddl Role
When permission checking is enabled, to create or modify a table by using SQL, you must have the
tibdg-ddl role in addition to any other roles required to run as a client user with authentication and authorization. For more information, see
Authorization Groups.Impact of Permissions on SQL DDL Statements
To create a table by using SQL, you must have the
tibdg-ddl role. The table is created with the user having read and write permissions on it. To modify or delete a table by using SQL, you must have the
tibdg-ddl role and write permission on the table. Ensure that you grant permissions to the users or roles that are expected to use the table. If not, they cannot use the table. For more information about creating a table by using SQL DDL commands, see
Defining a Table by Using SQL DDL Commands.