In the last post we saw custom database roles as how can we create it and assign required access to users. We also noticed that we can add multiple members with the same role. That was the security with database roles and members comes into the picture. Now here we will study of Application Role. This is the security for the application level and no such members comes into the picture.
Application Role :
As per msdn, An application role is a database principal that enables an application to run with its own, user-like permissions. You can use application roles to enable access to specific data to only those users who connect through a particular application
Workaround:
We can implement application role and take into effect with the following steps, I am going to here with some of the examples, so like to create those required objects, so we can set them with application role.
1. Create required objects
2. Create an application role
4. Connecting database and activating application role
Application roles are enabled/activated by sp_settapprole system stored procedure and it has required a password. So an application can be connected to SQL Server with this application role with scope of the particular session and required a password to authenticate it to connect SQL Server. To authenticate application roles and activate it it should be required to use in.Net connection code or other application database connection method code. You can refer the link here to use application role in application code.
sp_settapprole system stored procedure activate the application role for the specific connection while connecting with the application and the syntax is as follows,
Application Role :
As per msdn, An application role is a database principal that enables an application to run with its own, user-like permissions. You can use application roles to enable access to specific data to only those users who connect through a particular application
Workaround:
We can implement application role and take into effect with the following steps, I am going to here with some of the examples, so like to create those required objects, so we can set them with application role.
1. Create required objects
USE demoHere we have created same required objects as we created in an earlier post for database role.
GO
CREATE TABLE SampleTable1
(
Id int,
Name varchar(10)
)
GO
CREATE TABLE SampleTable2
(
Id int,
Name varchar(10)
)
GO
CREATE PROCEDURE SampleSP1
AS
BEGIN
SET NOCOUNT ON
SELECT * FROM SampleTable1
End
GO
CREATE PROCEDURE SampleSP2
AS
BEGIN
SET NOCOUNT ON
SELECT * FROM SampleTable2
End
GO
2. Create an application role
USE demo3. Add permission to this application role
GO
-- sp_addapprole [@rolename = ] 'rolename', [@password = ] 'password'
EXEC sp_addapprole 'AppRole', 'AppPwd'
GO
USE demoYou can see we have assigned same access to the application role as we did in an earlier post for the custom database role. Application role is created here now, You can also create/view with expanding Roles inside security tab for a particular database and inside it you can find the Application Role tab.
GO
GRANT SELECT ON SampleTable1 to AppRole;
GRANT SELECT, INSERT,UPDATE ON SampleTable2 to AppRole;
GRANT EXEC ON SampleSP1 to AppRole;
GO
4. Connecting database and activating application role
Application roles are enabled/activated by sp_settapprole system stored procedure and it has required a password. So an application can be connected to SQL Server with this application role with scope of the particular session and required a password to authenticate it to connect SQL Server. To authenticate application roles and activate it it should be required to use in.Net connection code or other application database connection method code. You can refer the link here to use application role in application code.
sp_settapprole system stored procedure activate the application role for the specific connection while connecting with the application and the syntax is as follows,
USE demoWe can change the password for the application role with following,
GO
-- sp_setapprole [@rolename = ] 'rolename', [@password = ] 'password'
EXEC sp_setapprole 'AppRole', 'AppPwd'
GO
USE demoHope these all the steps are enough to implement application role. Stay tuned for more.
GO
-- sp_approlepassword [@rolename = ] 'rolename', [@password = ] 'new password'
EXEC sp_approlepassword 'AppRole', 'AppChangedPwd'
GO
No comments:
Post a Comment
Please Use Good Leanguage