|Subject||Re: [Firebird-Architect] Database triggers|
>> >> What account do the trigger run under?...
> I agree; that really doesn't make sense.Surely the first question is; Who can create these triggers?
> So, the question remains: What account should the trigger
> run under?
Presumably only SYSDBA/owner should be able to create
At this stage it seems to me that the same rule should apply
to transaction triggers (and also on metadata create/drop if
we have them too).
So, following on from that, we should then be able to use
GRANT/REVOKE in exactly the same method as already used with
existing triggers to allow/deny access to other resources
outside the current users access level.
(For the sort of purposes being proposed here (logging etc)
it seems to me critical that the triggers should be able to
perform functions not available to the current user account.)
That all seems to make sense to me, and be a simple solution.
BUT can anyone here see a problem with it?