INF: SQL Access Permissions and Trigger Execution

ID Number: Q47270

1.00 1.10 1.11 4.20

OS/2

Summary:

The following information discusses the topic of access permissions

and trigger execution.

More Information:

If an operation on an object causes an implicit operation on another

object, and both objects have the same owner, it is assumed that all

privileges granted for the explicit operation also apply to the

implicit operation. If the objects have different owners, it is

assumed that the different owners may have different ideas about who

should be granted access to what.

If user U1 owns table T1, and that table has a trigger that accesses

table T2 owned by user U2, then a third user U3 must have explicit

permission to access tables T1 and T2. If user U1 had also owned T2,

then user U3 would require only explicit permission to use T1.

Triggers should not provide a way for someone other than the owner of

an object to determine who has access.

In a production environment, all objects should be owned by the DBA

and this is not a problem. In a free-for-all environment, with many

users creating objects and triggers, this is the only way to provide

security.

Additional reference words: 1.00 1.10 1.11 4.20 Transact-SQL permissions