select case when max(d.RDB$DEPENDED_ON_TYPE) = 0 then cast('grant all on ' as varchar(40))
when max(d.RDB$DEPENDED_ON_TYPE) = 5 then cast('grant execute on procedure ' as varchar(40)) end||
d.RDB$DEPENDED_ON_NAME || ' to ' || max(pt.OBJ_TYPE) || ' ' || d.RDB$DEPENDENT_NAME || ' ^'
from RDB$DEPENDENCIES d
join (select p.RDB$PROCEDURE_NAME, cast('procedure' as varchar(10)), null
from RDB$PROCEDURES p
union all
select t.RDB$TRIGGER_NAME, cast('trigger' as varchar(10)), t.RDB$RELATION_NAME
from RDB$TRIGGERS t
where t.RDB$SYSTEM_FLAG = 0) as pt(NAME, OBJ_TYPE, OWNER) on pt.NAME = d.RDB$DEPENDENT_NAME
where d.RDB$DEPENDED_ON_NAME not in ('WIN1251', 'PXW_CYRL', 'OCTETS')
and d.RDB$DEPENDED_ON_TYPE in (0, 5)
and (pt.OWNER <> d.RDB$DEPENDED_ON_NAME or pt.OWNER is null)
and not exists ( select *
from RDB$USER_PRIVILEGES up
join (select p.RDB$PROCEDURE_NAME
from RDB$PROCEDURES p
union all
select t.RDB$TRIGGER_NAME
from RDB$TRIGGERS t) as OBJ_USERS(NAME) on OBJ_USERS.NAME = up.RDB$USER
where up.RDB$USER = d.RDB$DEPENDENT_NAME
and up.RDB$RELATION_NAME = d.RDB$DEPENDED_ON_NAME)
-- and not exists (select * from RDB$USER_PRIVILEGES where RDB$USER = 'PUBLIC' and RDB$RELATION_NAME = d.RDB$DEPENDED_ON_NAME)
and d.RDB$DEPENDED_ON_NAME not starting 'RDB$'
group by d.RDB$DEPENDENT_NAME, d.RDB$DEPENDED_ON_NAME
order by 1