-- Готовим базу:
shell del C:\FBTESTING\qa\fbt-repo\tmp\c0805.fdb 2>nul;
create database 'localhost/3333:C:\FBTESTING\qa\fbt-repo\tmp\c0805.fdb';
commit;

drop user john_senior;
drop user mick_junior;
commit;
create user john_senior password 'qwe';
create user mick_junior password '123';
commit;

create or alter procedure sp_test as
begin
end;

recreate table test(id int, x int);
commit;

insert into test values(1, 100);
commit;

set term ^;
create or alter procedure sp_test returns(id int, x int) as
begin
  for select id, x from test into id, x do suspend;
end
^
set term ;^

revoke all on all from john_senior;
revoke all on all from mick_junior;
commit;

 grant select on test to procedure sp_test;
grant execute on procedure sp_test to john_senior;
commit; 


-- Теперь коннектимся от имени john_senior'a, который может вызывать ХП:
 connect  'localhost/3333:C:\FBTESTING\qa\fbt-repo\tmp\c0805.fdb' user ' john_senior ' password 'qwe';
-- (эффект от коннекта от имени 'mick_junior'a будет таким же)

set list on;

set term ^;

-- Этот ЕВ отработает ОК
execute block returns(who_am_i varchar(31), what_is_my_role varchar(31), id int, x int) as
begin
  for
      execute statement
      'select current_user, current_role, id, x from sp_test'
      as user 'john_senior' password 'qwe'
      into who_am_i, what_is_my_role, id, x
  do
      suspend;

end
^

-- А этот - обломается:
-- Statement failed, SQLSTATE = 28000
-- no permission for EXECUTE access to PROCEDURE SP_TEST
execute block returns(who_am_i varchar(31), what_is_my_role varchar(31), id int, x int) as
begin
  for
      execute statement
      'select current_user, current_role, id, x from sp_test'
       WITH CALLER PRIVILEGES 
      as user 'mick_junior' password '123'
      into who_am_i, what_is_my_role, id, x
  do
      suspend;

end
^
set term ;^

shell del C:\FBTESTING\qa\fbt-repo\tmp\c0805.fdb 2>nul;
create database 'localhost/3333:C:\FBTESTING\qa\fbt-repo\tmp\c0805.fdb';
commit;

drop user john_senior;
drop user mick_junior;
drop role role_for_mick;
commit;
create user john_senior password 'qwe';
create user mick_junior password '123';
commit;

create role role_for_mick;
commit;

create or alter procedure sp_test as
begin
end;

recreate table test(id int, x int);
commit;

insert into test values(1, 100);
commit;

set term ^;
create or alter procedure sp_test returns(id int, x int) as
begin
  for select id, x from test into id, x do suspend;
end
^

create or alter procedure sp_main(a_usr varchar(31), a_pwd varchar(31))
  returns(who_am_i varchar(31), what_is_my_role varchar(31), id int, x int) as
begin
  for
      execute statement
      'select current_user, current_role, id, x from sp_test'
      WITH CALLER PRIVILEGES -- если закомментарить, то выборки обломаются
      as user a_usr password a_pwd
      into who_am_i, what_is_my_role, id, x
  do
      suspend;
end
^
set term ;^
commit;

revoke all on all from john_senior;
revoke all on all from mick_junior;
revoke all on all from role_for_mick;
commit;

grant select on test to procedure sp_test;
grant execute on procedure sp_main to john_senior;
grant execute on procedure sp_main to role_for_mick;
grant execute on procedure sp_test to procedure sp_main;
grant role_for_mick to mick_junior;
commit;

set list on;

connect 'localhost/3333:C:\FBTESTING\qa\fbt-repo\tmp\c0805.fdb' user 'john_senior' password 'qwe';
select current_user, current_role from rdb$database;
select * from sp_main('john_senior', 'qwe');
commit;

connect 'localhost/3333:C:\FBTESTING\qa\fbt-repo\tmp\c0805.fdb' user 'mick_junior' password '123' role 'ROLE_FOR_MICK';
select current_user, current_role from rdb$database;
select * from sp_main('mick_junior', '123');