Hi! I feel a bit overwhelmed by user rights in a database in respect to stored procedures.
I have a database owned by user OWNER. I want to give limited access to user ATTACKER, so that he can read and write the database through a stored procedure MODIFY_DATABASE. So I grant: GRANT EXECUTE ON PROCEDURE modify_database TO attacker; But I also need to grant required rights to the procedure: GRANT SELECT ON readonly_table TO PROCEDURE modify_database; GRANT SELECT, INSERT, UPDATE ON other_table TO PROCEDURE modify_database; Suppose the procedure MODIFY_DATABASE calls other procedures to read or write the database. That would mean that I would have to add execute rigths on those procedures to MODIFY_DATABASE, and grant EXECUTE/SELECT/INSERT etc. rights to those procedures and the procedures called by them, etc. Can I somehow avoid this? I mean, somehow make MODIFY_DATABASE to have all rights on all objects, as if it were called by OWNER and not ATTACKER? Thanks, Josef ------------------------------------ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Visit http://www.firebirdsql.org and click the Resources item on the main (top) menu. Try Knowledgebase and FAQ links ! Also search the knowledgebases at http://www.ibphoenix.com ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/firebird-support/ <*> Your email settings: Individual Email | Traditional <*> To change settings online go to: http://groups.yahoo.com/group/firebird-support/join (Yahoo! ID required) <*> To change settings via email: firebird-support-dig...@yahoogroups.com firebird-support-fullfeatu...@yahoogroups.com <*> To unsubscribe from this group, send an email to: firebird-support-unsubscr...@yahoogroups.com <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/