Security Implications of Using Triggers

Only certain users can create triggers:

  • The owner of the table on which the trigger has to be defined

  • Members of the db_owner and db_ddladmin database roles

  • Members of the sysadmin server role, because permissions don't affect them

The user who creates the trigger needs specific permissions to execute the statements defined in the code of the trigger.

Caution

If any of the objects referenced in the trigger don't belong to the same owner, you can have a broken ownership chain situation. To avoid this situation, it is recommended that dbo must be the owner of all the objects in a database.

Get Microsoft® SQL Server™ 2000 Programming by Example now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.