Subject | Re: [ib-support] grant on stored proc |
---|---|
Author | Helen Borrie |
Post date | 2002-09-26T02:25:47Z |
At 01:56 AM 26-09-02 +0000, you wrote:
engine considers it a selectable stored procedure - meaning (possibly) the
user needs SELECT rights on it as well.
heLen
>Hi there,What kind of SP is it? If it contains a SUSPEND statement, I think the
>
>My understanding of the line below (taken from "Working with stored
>procedures" in the Devel. Guide)
>
>"Stored procedures themselves sometimes need access to tables or
>views for which a user does not - or should not - have privileges."
>
>is that I can deny a user direct access to a table, but allow that
>person to execute a stored procedure, which has access to the table.
>I have such a circumstance, but I am getting the "permission denied"
>error.
>
>My scenario is:
>USER: MICK
>ROLE: STORE
>TABLE: EXCH
>SP: UPD_LAST_USE
>
>GRANT STORE TO MICK
>GRANT ALL ON EXCH TO UPD_LAST_USE
>GRANT EXECUTE ON PROCEDURE UPD_LAST_USE TO PUBLIC
>
>NB: EXCH is the only table touched by UPD_LAST_USE
>
>But when I login as MICK, using role STORE and execute the stored
>proc, I get the permission denied error.
>
>Why is this, when the sp has ALL access to EXCH, and the role STORE
>has EXECUTE on UPD_LAST_USE??
engine considers it a selectable stored procedure - meaning (possibly) the
user needs SELECT rights on it as well.
heLen