Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 12»»

Application Roles Expand / Collapse
Author
Message
Posted Tuesday, March 18, 2008 10:43 PM
SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Friday, May 18, 2007 3:36 PM
Points: 10,039, Visits: 1
Comments posted to this topic are about the item Application Roles
Post #471368
Posted Wednesday, March 19, 2008 8:53 AM
SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Thursday, February 6, 2014 9:39 AM
Points: 420, Visits: 487
The answer is absolutely wrong. You can't use sp_unsetapprole because the cookie was never set using sp_setapprole. If you activate the app role before setting the cookie using sp_setapprole, you can only get the original context by disconnecting and reconnecting. sp_unsetapprole only works if you first use sp_setapprole to create the cookie.

"You are testing an application role in SQL Server 2005. You connect with SSMS, invoke the role, and then execute various queries and stored procedures. What can you do to return to your normal account permissions? (select all that apply)"


Joshua Perry
http://www.usesage.com
Post #471625
Posted Wednesday, March 19, 2008 9:58 AM


SSC-Insane

SSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-Insane

Group: General Forum Members
Last Login: Today @ 1:42 AM
Points: 20,799, Visits: 32,717
Joshua Perry (3/19/2008)
The answer is absolutely wrong. You can't use sp_unsetapprole because the cookie was never set using sp_setapprole. If you activate the app role before setting the cookie using sp_setapprole, you can only get the original context by disconnecting and reconnecting. sp_unsetapprole only works if you first use sp_setapprole to create the cookie.

"You are testing an application role in SQL Server 2005. You connect with SSMS, invoke the role, and then execute various queries and stored procedures. What can you do to return to your normal account permissions? (select all that apply)"


Actually, you invoke the role using sp_setapprole, so you can use sp_unsetapprole to revert to your original context. If there is another way to invoke an application role without using sp_setapprole, I'd like to know what it is.




Lynn Pettis

For better assistance in answering your questions, click here
For tips to get better help with Performance Problems, click here
For Running Totals and its variations, click here or when working with partitioned tables
For more about Tally Tables, click here
For more about Cross Tabs and Pivots, click here and here
Managing Transaction Logs

SQL Musings from the Desert Fountain Valley SQL (My Mirror Blog)
Post #471682
Posted Wednesday, March 19, 2008 10:06 AM
SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Thursday, February 6, 2014 9:39 AM
Points: 420, Visits: 487
The question never says anything about actually using sp_setapprole to create the cookie, so you can't use sp_unsetapprole to revert. I think you need to read my post again. You have to specify the option to create the cookie to be able to revert.

EXEC sp_setapprole 'user', 'password', @fCreateCookie = true, @cookie = @cookie OUTPUT

EXEC sp_unsetapprole @cookie


Joshua Perry
http://www.usesage.com
Post #471689
Posted Wednesday, March 19, 2008 10:12 AM


SSC-Insane

SSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-Insane

Group: General Forum Members
Last Login: Today @ 1:42 AM
Points: 20,799, Visits: 32,717
I did, and here is the question again with emphasis added.

"You are testing an application role in SQL Server 2005. You connect with SSMS, invoke the role, and then execute various queries and stored procedures. What can you do to return to your normal account permissions? (select all that apply)"


It clearly states that the approle is invoked, this means you had to use the sp_setapprole to invoke the role for testing. Maybe the question could have been clearer if written as such:

"You are testing an application role in SQL Server 2005. You connect with SSMS, invoke the role using sp_setapprole, and then execute various queries and stored procedures. What can you do to return to your normal account permissions? (select all that apply)"


Sometimes you do have to read between the lines.




Lynn Pettis

For better assistance in answering your questions, click here
For tips to get better help with Performance Problems, click here
For Running Totals and its variations, click here or when working with partitioned tables
For more about Tally Tables, click here
For more about Cross Tabs and Pivots, click here and here
Managing Transaction Logs

SQL Musings from the Desert Fountain Valley SQL (My Mirror Blog)
Post #471692
Posted Wednesday, March 19, 2008 10:13 AM


Hall of Fame

Hall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of FameHall of Fame

Group: General Forum Members
Last Login: Monday, November 17, 2014 1:28 PM
Points: 3,189, Visits: 1,271
Joshua,

The issue is that the ”invoke the role” statement in the question is vague and I belive assumes that the @fCreateCookie and @cookie arguments were used.

-Kevin



Post #471693
Posted Wednesday, March 19, 2008 10:13 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: 2 days ago @ 4:32 PM
Points: 7,152, Visits: 15,633
Joshua - from the question itself:


You are testing an application role in SQL Server 2005. You connect with SSMS, invoke the role, and then execute various queries and stored procedures


You can only "invoke the role" with sp_setapprole. The question is worded just so that it doesn't steer you to the answer. No - it doesn't specifically mention sp_setapprole, but that's on purpose, and IMO - not incorrect at all.

Besides - it covers both alternatives. if the cookie isn't set, then you have to disconnect and reconnect to get your permissions; if the cookie is set, then you can use sp_unsetapprole.


----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
Post #471695
Posted Wednesday, March 19, 2008 10:17 AM
SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Thursday, February 6, 2014 9:39 AM
Points: 420, Visits: 487
Again, setting the cookie is an option that is required to revert. By default this option is set to false. The question is about how to revert and the cookie is an important piece. Without the cookie you cannot revert to the original context.

Joshua Perry
http://www.usesage.com
Post #471698
Posted Wednesday, March 19, 2008 10:20 AM


SSC-Insane

SSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-Insane

Group: General Forum Members
Last Login: Today @ 1:42 AM
Points: 20,799, Visits: 32,717
Joshua - Read the whole question. It clearly states that you invoke the approle. How do you do that? You use sp_setapprole, therefore you are setting everything up to be able to revert using sp_unsetapprole.

Please, tell me if there is ANY other way to invoke an application role with out using sp_setapprole, as I am not aware of it.




Lynn Pettis

For better assistance in answering your questions, click here
For tips to get better help with Performance Problems, click here
For Running Totals and its variations, click here or when working with partitioned tables
For more about Tally Tables, click here
For more about Cross Tabs and Pivots, click here and here
Managing Transaction Logs

SQL Musings from the Desert Fountain Valley SQL (My Mirror Blog)
Post #471700
Posted Wednesday, March 19, 2008 10:23 AM
SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Thursday, February 6, 2014 9:39 AM
Points: 420, Visits: 487
You are correct that you must use sp_setapprole to invoke the app role, but if you do this without setting the cookie you cannot revert since the cookie is what allows you to revert. Where does it say anything about setting the cookie option? That's why you can only reconnect to revert to the original context. If you don't believe me just try it yourself.

Joshua Perry
http://www.usesage.com
Post #471703
« Prev Topic | Next Topic »

Add to briefcase 12»»

Permissions Expand / Collapse