Subject Re: [Firebird-Architect] Database triggers
Author Adriano dos Santos Fernandes
Geoff Worboys wrote:
>>>>> What account do the trigger run under?
> ...
>> I agree; that really doesn't make sense.
>> So, the question remains: What account should the trigger
>> run under?
> Surely the first question is; Who can create these triggers?
> Presumably only SYSDBA/owner should be able to create
> connect/disconnect triggers.
> At this stage it seems to me that the same rule should apply
> to transaction triggers (and also on metadata create/drop if
> we have them too).
> So, following on from that, we should then be able to use
> GRANT/REVOKE in exactly the same method as already used with
> existing triggers to allow/deny access to other resources
> outside the current users access level.
> (For the sort of purposes being proposed here (logging etc)
> it seems to me critical that the triggers should be able to
> perform functions not available to the current user account.)
> That all seems to make sense to me, and be a simple solution.
> BUT can anyone here see a problem with it?
Totally agreed.