Subject AW: [firebird-support] SetUID stored procedures?
Author Steffen Heil
Hi

> I was just thinking, for some of the tables that I've made,
> it would be good if I could make it so that ordinary users
> could not SELECT * (for instance) on it, nor INSERT INTO, but
> could use stored procedures that *DO* do these things. I was
> thinking that this could be implemented by marking those
> stored procedures as having been marked SetUID by a
> particular user, and so they would run with the privs of that
> user (similar to UNIX). I don't think this is possible on
> any other platform, but I could be wrong. Is this possible
> on Firebird right now? I couldn't see anything like that in
> the manual... (Mind, not even PostgreSQL has it, and they
> seem to have *everything* under the sun...) :)

It is possible right now.
All Firebird stored procedures have SetUID on, and change rights to the
owner of the stored procedure.

Example:
Table T, Stored Procedure S
User U and H

Don't give any privileges for T to U, but all to H.
Let S be owned by H.
Give execute rights for S to U.

Never give anyone credentials for H, but for U.

Now users can access T only using S.

At least this is the way I understand SQL security.

Regards,
Steffen
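
The setup described in the message above, written out as a Firebird isql script. This is an added example, not part of the original post. Assumptions: users U and H already exist, the script is run while connected as H (so H owns both T and S), and the column names, the parameter names and the procedure body are constructed for illustration. It also grants SELECT on T to the procedure itself using Firebird's `GRANT ... TO PROCEDURE` form, which is not mentioned in the message, and ends with a query against RDB$USER_PRIVILEGES to confirm that U holds nothing on T directly.

```sql
-- Constructed example. T, S, U and H are the names used in the message;
-- the columns, parameters and procedure body are made up for illustration.
-- Assumption: connected as H, so H becomes the owner of T and S.

CREATE TABLE T (
    ID    INTEGER NOT NULL PRIMARY KEY,
    LABEL VARCHAR(40)
);

SET TERM ^ ;

-- S is the only intended path to the data in T.
CREATE PROCEDURE S (P_ID INTEGER)
RETURNS (O_LABEL VARCHAR(40))
AS
BEGIN
    FOR SELECT LABEL FROM T WHERE ID = :P_ID INTO :O_LABEL DO
        SUSPEND;
END^

SET TERM ; ^

-- U receives no privilege on T, only the right to run S.
GRANT EXECUTE ON PROCEDURE S TO U;

-- Addition not in the message: Firebird accepts a procedure as a grantee,
-- so the access S needs on T can be granted to S itself.
GRANT SELECT ON T TO PROCEDURE S;

COMMIT;

-- Check: list every grant recorded for T. A row whose RDB$USER is U or
-- PUBLIC means T can be reached without going through S.
SELECT RDB$USER, RDB$PRIVILEGE, RDB$GRANTOR, RDB$USER_TYPE
FROM RDB$USER_PRIVILEGES
WHERE RDB$RELATION_NAME = 'T'
ORDER BY RDB$USER, RDB$PRIVILEGE;

-- Check: who is allowed to execute S.
SELECT RDB$USER, RDB$PRIVILEGE
FROM RDB$USER_PRIVILEGES
WHERE RDB$RELATION_NAME = 'S';
```

Connecting as U afterwards, `SELECT * FROM S(1)` should return rows while `SELECT * FROM T` should fail with a permission error.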

