The solution to these problems is permission sets, which are named collections of access rights that can be assigned...
to an assembly. If an assembly tries to use a namespace or class not allowed by the permission set to which it belongs, an exception will be thrown and execution will stop. Through careful use of appropriate permission sets, a DBA can enforce access rights, even for non-trusted assemblies.
SQL Server includes three built-in permission sets: SAFE, EXTERNAL ACCESS, and UNSAFE. SAFE allows access to .NET's mathematical, string manipulation, and other standard libraries, as well as ADO.NET for data access. EXTERNAL ACCESS extends the rights allowed by the SAFE permission set, adding classes from namespaces such as System.IO for file system operations, and System.Net for network operations. The UNSAFE permission set is unrestricted—all namespaces and classes available within SQL Server can be accessed, and even unmanaged code is allowed. Be careful with the UNSAFE permission set!
Although the default permission sets are not editable, it is possible to create your own, as discussed in Niels Berglund's this blog post.
Do you have comments on this Ask the Expert Q&A? Let us know.
Related Q&A from Adam Machanic
Database Snapshots feature in SQL Server 2005 Enterprise Edition creates read-only files. For these separate databases, our site expert Adam Machanic...continue reading
Multiple readers can sometimes read the same row simultaneously causing a false result. SQL Server 2005 expert Adam Machanic suggests modifying the ...continue reading
Migrating to SQL Server 2005 from SQL Server 2000 is a hefty feat when compared to upgrading from 7.0 to SQL Server 2000. Site expert Adam Machanic ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.