|Subject||Re: [IBDI] Internet|
> > select GEN_ID(GEN_TEST,1) from RDB$DatabaseSo we are at least three.
> > Even though sysdba created the generator, someone never given
> > permission to
> > anything can go in and happily waste generator numbers, tell me
> > that isn't a
> > problem !! :-)
> You seem to be the only person that says like me that this is a problem.
> It's not only about wasting numbers. By moving the generator backwards, II can't figure out what the proper solution should be.
> can make insertions fail if the generator feeds a PK, since Gen_id accepts
> arbitrary integer argument as the increment, including negative values.
We can add e.g. something like
GRANT SELECT ON GENERATOR <gen> TO ...
it will give right to call GEN_ID(<gen>, 0)
GRANT INSERT ON GENERATOR <gen> TO ...
it will give right to call GEN_ID(<gen>, 1)
GRANT UPDATE ON GENERATOR <gen> TO ...
it will give right to call GEN_ID(<gen>, <any integer value>)
With such grants you can grant insert/update rights to trigger
that generates primary keys. Good.
But in many cases you need to retrieve generator's value
in advance, e.g. by SP or by SELECT GEN_ID() FROM rdb$database;
Even if user has right to call GEN_ID with only 0 or 1 increments,
nothing stops him from calling it in endless loop
(but maybe it is not problem with 64-bit generators)