| Subject | Trigger Permissions |
|---|---|
| Author | Alan McDonald |
| Post date | 2009-02-16T07:03:16Z |
Windows FB 2.1 Superserver
I have an After Delete Trigger on Table A
IF (CURRENT_ROLE='ROLEONE') THEN BEGIN
UPDATE TABLEB SET FIELD='value' WHERE ID=OLD.FKFIELD;
END
Now, if someone with ROLETWO is logged on and deletes a record from TABLEA,
I get an exception
'no permission for read/select access to TABLE TABLEB'
If I grant ROLETWO select permission, I get
'no permission for update access to TABLE TABLEB'
I would have thought that the UPDATE statement inside the trigger would
never get executed
- nor tested for permissions when a person of ROLETWO is deleting a record
in TABLEA. But it seems not. I must give ROLETWO select and update
permission over TABLEA even though I never want ROLETWO to update it. Even
REFERENCE is not enough.
Does that seem logical? It would seem that the user grants are being
evaluated (tested) before the logical requirement of the trigger is being
fully assessed.
regards
Alan McDonald
I have an After Delete Trigger on Table A
IF (CURRENT_ROLE='ROLEONE') THEN BEGIN
UPDATE TABLEB SET FIELD='value' WHERE ID=OLD.FKFIELD;
END
Now, if someone with ROLETWO is logged on and deletes a record from TABLEA,
I get an exception
'no permission for read/select access to TABLE TABLEB'
If I grant ROLETWO select permission, I get
'no permission for update access to TABLE TABLEB'
I would have thought that the UPDATE statement inside the trigger would
never get executed
- nor tested for permissions when a person of ROLETWO is deleting a record
in TABLEA. But it seems not. I must give ROLETWO select and update
permission over TABLEA even though I never want ROLETWO to update it. Even
REFERENCE is not enough.
Does that seem logical? It would seem that the user grants are being
evaluated (tested) before the logical requirement of the trigger is being
fully assessed.
regards
Alan McDonald