Hi,

I'm using FB 2.5

I'm using roles where I assign a group of users to a role and assign certain privileges to a role on a certain fields in a table.

Let say there are two tables: TABLE1 and TABLE1_CATEGORIES.


Table TABLE1 has fields:

ID
Category_ID
RegistrationDate
Title_ID
Initials
Surname
Province_ID
MemAddress


Role1 has full access to all fields of TABLE1 and TABLE1_CATEGORIES but Role2 may only update MemAddress in TABLE1

In the Trigger of TABLE1, when Category_ID and/or RegistrationDate change, a record is inserted into table TABLE1_CATEGORIES
Also if the RegistrationDate changes, the RegistrationDate is updated in TABLE1_CATEGORIES

If a user logon under role named Role2, then the trigger of TABLE1 forces me to give Role2 full access to
Category_ID and RegistrationDate. My intention was may only update MemAddress in TABLE1.

Generally speaking: It seems a role must have all privileges on a table's fields used in the table's triggers


Will anyone clarify this confusing security issue?


Regards,

Nols Smit


[Non-text portions of this message have been removed]