Triggers and Security
Go Up to Using Triggers
Triggers can be granted privileges on tables, just as users or procedures can be granted privileges. Use the GRANT
statement, but instead of using TO
<username>, use TO
TRIGGER
<trigger_name>. Privileges of triggers can be revoked similarly using REVOKE
. For more information about GRANT
and REVOKE
, see Planning Security.
When a user performs an action that fires a trigger, the trigger will have privileges to perform its actions if:
- The trigger has privileges for the action.
- The user has privileges for the action.
So, for example, if a user performs an UPDATE
of table A, which fires a trigger, and the trigger performs an INSERT
on table B, the INSERT
will occur if the user has INSERT
privileges on the table or the trigger has insert privileges on the table.
If there are insufficient privileges for a trigger to perform its actions, InterBase will set the appropriate SQLCODE
error number. The trigger can handle this error with a WHEN
clause. If it does not handle the error, an error message will be returned to the application, and the actions of the trigger and the statement which fired it will be undone.