Objects - Firebird

The “other half” of a permission is the object on which the privilege is to be applied or from which it is to be removed. An object can be a table, a view, a stored procedure, or a role, although not all privileges are necessarily applicable to all types of objects. An UPDATE privilege, for example, is not applicable to a procedure, and an EXECUTE privilege is not applicable to a table or a view.

There is no “packaged object” that encompasses all, or groups of, objects. There will be at least one GRANT statement for each database object.

Privilege Restrictions

The privileges SELECT, INSERT, UPDATE, and DELETE are applied only to objects that are tables or views. REFERENCES applies only to tables —specifically, those that are referenced by foreign keys.

For views, the user of the view must have privileges for the view itself, but permissions on the base tables must somehow be granted as well. The rule is that either the view’s owner, the view itself, or the view’s user must have the appropriate privileges to the base tables. It doesn’t matter how the privileges are acquired, but one of the three must have it.

Naturally updateable views also need SELECT, INSERT, UPDATE, and DELETE permissions on the base tables. When read-only views are made updateable by means of triggers, the triggers need permissions on the underlying tables, according to the operations defined by the trigger events.

EXECUTE can be applied only to stored procedures. A role is never granted “on” any object.


All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd DMCA.com Protection Status

Firebird Topics