A chain of ownership exists between a stored procedure, SQL function, view, or trigger and a table accessed by that object if the same user owns the calling object and the table. With this chain of ownership, the owner of a stored procedure, view, SQL function, or trigger gives another user implicit access on the dependent object by granting explicit access to the user on the procedure, view, and so on. Granting access to the dependent object is unnecessary.
If a user has implicit permission on a table through a chain of ownership, Adaptive Server does not apply the predicates from any row-filtering grant commands for this access.
For example, the owner of the employee table grants user “Priscilla” access to see the employee data in the payroll department:
grant select on employee where dept = 'payroll' to priscilla
When Priscilla enters:
select name, phone from employee where city='SFO'
Adaptive Server returns the names and phone numbers of only those employees who live in San Francisco and work in the payroll department.
However, if the owner of the employee table creates the following procedure and grants execute access to priscilla, Adaptive Server detects the ownership chain between employee and employee_addresses:
create procedure employee_addresses as select name, phone from employee
Priscilla is given implicit access to all rows in employee in the context of the procedure without restrictions from the predicate on the previous grant.
