FirebirdSQL logo
 ROLEStatements for Revoking Privileges 

Examples of Granting the EXECUTE Privilege

  1. Granting the EXECUTE privilege on a stored procedure to a role:

    GRANT EXECUTE ON PROCEDURE ADD_EMP_PROJ
  TO ROLE MANAGER;

  2. Granting the EXECUTE privilege on a stored function to a role:

    GRANT EXECUTE ON FUNCTION GET_BEGIN_DATE
  TO ROLE MANAGER;

  3. Granting the EXECUTE privilege on a package to user PUBLIC:

    GRANT EXECUTE ON PACKAGE APP_VAR
  TO USER PUBLIC;

  4. Granting the EXECUTE privilege on a function to a package:

    GRANT EXECUTE ON FUNCTION GET_BEGIN_DATE
  TO PACKAGE APP_VAR;

The USAGE Privilege

To be able to use metadata objects other than tables, views, stored procedures or functions, triggers and packages, it is necessary to grant the user (or database object like trigger, procedure or function) the USAGE privilege on these objects.

By default, Firebird executes PSQL modules with the privileges of the caller, so it is necessary that either the user or otherwise the routine itself has been granted the USAGE privilege.This can be changed with the SQL SECURITY clause of the DDL statements of those objects.

Note

The USAGE privilege is currently only available for exceptions and sequences (in gen_id(gen_name, n) or next value for gen_name).Support for the USAGE privilege for other metadata objects may be added in future releases.
Note

For sequences (generators), the USAGE privilege only grants the right to increment the sequence using the GEN_ID function or NEXT VALUE FOR.The SET GENERATOR statement is a synonym for ALTER SEQUENCE …​ RESTART WITH …​, and is considered a DDL statement.By default, only the owner of the sequence and administrators have the rights to such operations.The right to set the initial value of any sequence can be granted with GRANT ALTER ANY SEQUENCE, which is not recommend for general users.