On Wed, 7 Mar 2012 12:04:34 +0200, Nols Smit <[email protected]> wrote: > If a user logon under role named Role2, then the trigger of TABLE1 forces > me to give Role2 full access to > Category_ID and RegistrationDate. My intention was may only update > MemAddress in TABLE1. > > Generally speaking: It seems a role must have all privileges on a table's > fields used in the table's triggers > > > Will anyone clarify this confusing security issue?
Did you grant the necessary rights to the trigger itself? I might be wrong, but if no rights are granted to the trigger, then the caller permission is used. Mark
