On Fri, Apr 5, 2013 at 10:52 AM, Alexandre Benson Smith <
ibl...@thorsoftware.com.br> wrote:
> I don't think trowing an error is the best, the select could be
> performed but no value returned for that column. The engine should
> provide mechanisms to treat it as a whole like
>
> select * from MyTable where MyForbidenField > 0
>
> returns an empty result set, since the user has no privileges to access
> that field value
>
I would implement it so that if a user does not have SELECT permission on a
field that any mention of that field in a SELECT statement is an outright
error for that user. Just as if the field did not exist.
------------------------------------------------------------------------------
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire
the most talented Cisco Certified professionals. Visit the
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
