Ask the Expert

SQLCLR permission sets

What are SQLCLR permission sets?

    Requires Free Membership to View

Native support for .NET routines in SQL Server is an important enhancement to the product, but one that brings many concerns. One such worry is security: Can a DBA ensure that an assembly will not try to access resources that it should not? For instance, what if a third-party library is purchased?

The solution to these problems is permission sets, which are named collections of access rights that can be assigned to an assembly. If an assembly tries to use a namespace or class not allowed by the permission set to which it belongs, an exception will be thrown and execution will stop. Through careful use of appropriate permission sets, a DBA can enforce access rights, even for non-trusted assemblies.

SQL Server includes three built-in permission sets: SAFE, EXTERNAL ACCESS, and UNSAFE. SAFE allows access to .NET's mathematical, string manipulation, and other standard libraries, as well as ADO.NET for data access. EXTERNAL ACCESS extends the rights allowed by the SAFE permission set, adding classes from namespaces such as System.IO for file system operations, and System.Net for network operations. The UNSAFE permission set is unrestricted—all namespaces and classes available within SQL Server can be accessed, and even unmanaged code is allowed. Be careful with the UNSAFE permission set!

Although the default permission sets are not editable, it is possible to create your own, as discussed in Niels Berglund's this blog post.


Do you have comments on this Ask the Expert Q&A? Let us know.

This was first published in December 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: