> > select GEN_ID(GEN_TEST,1) from RDB$Database
> >
> > Even though sysdba created the generator, someone never given
> > permission to
> > anything can go in and happily waste generator numbers, tell me
> > that isn't a
> > problem !! :-)
>
> You seem to be the only person that says like me that this is a problem.

So we are at least three.

> It's not only about wasting numbers. By moving the generator backwards, I
> can make insertions fail if the generator feeds a PK, since Gen_id accepts
> arbitrary integer argument as the increment, including negative values.

I can't figure out what the proper solution should be.
We can add e.g. something like

GRANT SELECT ON GENERATOR <gen> TO ...
it will give right to call GEN_ID(<gen>, 0)

GRANT INSERT ON GENERATOR <gen> TO ...
it will give right to call GEN_ID(<gen>, 1)

GRANT UPDATE ON GENERATOR <gen> TO ...
it will give right to call GEN_ID(<gen>, <any integer value>)

With such grants you can grant insert/update rights to trigger
that generates primary keys. Good.

But in many cases you need to retrieve generator's value
in advance, e.g. by SP or by SELECT GEN_ID() FROM rdb$database;
Even if user has right to call GEN_ID with only 0 or 1 increments,
nothing stops him from calling it in endless loop
(but maybe it is not problem with 64-bit generators)


Ivan
prenosil@...
http://www.volny.cz/iprenosil/interbase