Closed
Description
fb.5 & fb.4 'with caller privileges' has no effect in triggers
(no this error in stored procedure )
tested in linux & windows FB3, FB4 & FB5
work on FB3. exception on FB4 & FB5
example under windows:
rem cd C:\TOOLSET\Firebird\Firebird_3_0
rem cd C:\TOOLSET\Firebird\Firebird_4_0
cd C:\TOOLSET\Firebird\Firebird_5_0
isql
connect 'd:\database\FB5\my_database.fdb' user 'SYSDBA' ;
drop user my_user;
drop database;
create database 'd:\database\FB5\my_database.fdb' user 'SYSDBA' page_size 8192 default character set UTF8;
set term ^;
create user my_user password 'my_pass' ^
commit work ^
create table my_table
( my_num integer
, my_data varchar(255)
) ^
commit work ^
insert into my_table(my_num , my_data) values (1, 'qwerty') ^
commit work ^
create table my_table_2
( my_num integer
, my_data varchar(255)
) ^
grant all on table my_table_2 to user my_user ^
commit work ^
create or alter trigger my_table_2_trigger
for my_table_2
active before insert or update or delete
position 100
as
declare variable nm$check_ok integer;
begin
execute statement 'select first 1 1 from my_table '
with caller privileges
into: nm$check_ok;
end ^
grant all on table my_table_2 to trigger my_table_2_trigger ^
grant select on table my_table to trigger my_table_2_trigger ^ -- <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
commit work ^
connect 'd:\database\FB5\my_database.fdb' user 'my_user' ^
insert into my_table_2(my_num , my_data) values (1234, 'qwerty') ^
-- in FB5 and FB4
-- Statement failed, SQLSTATE = 28000
-- no permission for SELECT access to TABLE MY_TABLE
-- -Effective user is MY_USER
-- -At trigger 'MY_TABLE_2_TRIGGER' line: 12, col: 13
commit work ^
select * from my_table_2 ^
-- in FB 3 :
-- MY_NUM MY_DATA
-- ===================================
-- 1234 qwerty