Thomas <thomas.k.h...@t-online.de> writes:
> Hi, > > having set-up SQL authorisation I would like to grant data modification rights > (insert, update, delete) to stored procedures only. > I was assuming that granting executing rights on a routine using GRANT EXECUTE > ON PROCEDURE to appl_user (with appl_user being a role) would automatically > grant the right to insert data to any user who can take on this role. So there > is no need to also GRANT INSERT ON TABLE xy TO appl_user. However testing > this I > am getting a '<user> does not have INSERT permission on table' error. Does > this > mean I have to grant rights on the tables accessed in a procedure on top of > granting execution rights on the procedure for this to work? Yes, currently, Derby routines execute with the invoker's current privileges. SQL has a provision for defining routines to run with the definer's privileges as well, but this is not yet implemented in Derby. Feel free to file an improvement request! Thanks, Dag
