Security for Procedures

From InterBase
Jump to: navigation, search

Go Up to Using Stored Procedures (Embedded SQL Guide)


When an application calls a stored procedure, the person running the application must have EXECUTE privilege on the stored procedure. An extension to the GRANT statement enables assignment of EXECUTE privilege, and an extension to the REVOKE statement enables removal of the privilege. For more information about granting privileges to users, see the Data Definition Guide.

In addition, if the stored procedure accesses objects in the database, one of two things must be true: either the user running the application or the called stored procedure must have the appropriate permissions on the accessed objects. The GRANT statement assigns privileges to procedures, and REVOKE eliminates privileges.

Retrieved from "https://docwiki.embarcadero.com/InterBase/XE7/e/index.php?title=Security_for_Procedures&oldid=17294"