Triggers and Security

From InterBase
Jump to: navigation, search

Go Up to Using Triggers


Triggers can be granted privileges on tables, just as users or procedures can be granted privileges. Use the GRANT statement, but instead of using TO <username>, use TO TRIGGER <trigger_name>. Privileges of triggers can be revoked similarly using REVOKE. For more information about GRANT and REVOKE, see Planning Security.

When a user performs an action that fires a trigger, the trigger will have privileges to perform its actions if:

  • The trigger has privileges for the action.
  • The user has privileges for the action.

So, for example, if a user performs an UPDATE of table A, which fires a trigger, and the trigger performs an INSERT on table B, the INSERT will occur if the user has INSERT privileges on the table or the trigger has insert privileges on the table.

If there are insufficient privileges for a trigger to perform its actions, InterBase will set the appropriate SQLCODE error number. The trigger can handle this error with a WHEN clause. If it does not handle the error, an error message will be returned to the application, and the actions of the trigger and the statement which fired it will be undone.

Advance To: