Return User Roles

,

I too often have seen internal company software with a SQL Server data source which relies on a single user name and password in a connection string. Even though the software itself creates tiered security and roles, if the connection string(or connecting user) is compromised so is all the security assignments set up by the programmers.

My solution to this problem is to use the Windows Authentication model and assign roles to specific users based on what they can and can not do.

I call this stored procedure on the program startup(which does connect using a single SQL authenticated user with Execute permissions on the procedure) to determine which roles the user has.

Using this sproc on the startup gives our programmers the flexablity to taylor the program choices and views to what the user has the ability to do. It also prevents unauthorized access exceptions.

Currently, this procedure is not designed to work with users that actually own a role but it could be modified.

 

 

 

 

alter procedure sproc_WindowsPermissions
(
@UserName varchar(256)
)
WITH EXECUTE AS 'dbo'
AS
BEGIN 

    select dpr.[name] AS Role
    from sys.sysusers su
    inner join sys.database_Principals dp
    on dp.[sid] = su.[sid]
    inner join sys.database_role_members drm
    on dp.[principal_id] = drm.[member_principal_id]
    inner join sys.database_Principals dpr
    on dpr.[principal_id] = drm.[role_principal_id]
    where 
     dpr.[type] = 'R'
     and su.[name] = @UserName
     and su.status IN ('12')



END

Rate

4 (1)

Share

Share

Rate

4 (1)