| Subject | Re: [firebird-support] Object permissions issue when delegating access rigths |
|---|---|
| Author | Vlad Khorsun |
| Post date | 2008-04-10T22:04:42Z |
> SET TERM ^ ;EXECUTE STATEMENT executed with user context, not trigger's one.
> CREATE OR ALTER TRIGGER TABLE2_AU FOR TABLE2 ACTIVE
> AFTER UPDATE POSITION 0
> as begin
> -- if some_field_in2 was changed up execute was_an_update
> if (new.some_field_in2 <> old.some_field_in2) then execute statement
> 'execute procedure just_checking;';
> end^
> SET TERM ; ^
>
> /******************** GRANT ********************/
> GRANT UPDATE ON TABLE1 TO MYUSERNAME;
> GRANT UPDATE ON TABLE2 TO TRIGGER TABLE1_AU;
> GRANT EXECUTE ON PROCEDURE JUST_CHECKING TO TRIGGER TABLE2_AU;
>
> commit;
>
> -- ===================================
> -- > here login as MYUSERNAME
> -- ===================================
> update TABLE1 set SOME_FIELD_IN1 = SOME_FIELD_IN1 + 1;
>
> -- ===================================
> -- > will raise :
> --> Statement failed, SQLCODE = -551
> --> no permission for execute access to PROCEDURE
> JUST_CHECKING
> --> -At trigger 'TABLE2_AU'
> --> At trigger 'TABLE1_AU'
> -- ===================================
> --> same issue if directly execute prcedure from table2_au
> --> if (new.some_field_in2 <> old.some_field_in2) then execute
> procedure just_checking;
> -- ===================================
Therefore trigger's provileges not accounted.
Regards,
Vlad