Friday, March 30, 2012

Role of login specified in GRANT UNSAFE...

For registering UNSAFE assemblies, we have to sign the dll and register it in SQL 2005. Also, the permission needs to be granted to a login..

Example code;

CREATE ASYMMETRIC KEY MyKey FROM EXECUTABLE FILE = 'C:\Assemblies\Interop.SQLDMO.dll'

CREATE LOGIN MyLogin

FROM ASYMMETRIC KEY MyKey

GRANT UNSAFE ASSEMBLY To MyLogin

What is the purpose of creating this MyLogin and how it serves to access the unsafe assembly.

Can anyone throw more light on this.

Thanks

Baskar

In SQL Server it is not possible to grant permissions to a key, only users or groups, so in order to keep the security model simple a way is provided to associate a key with a login. The reason why this is useful is that it provides a way for an administrator to selectively pick which assemblies he or she trusts enough to permit UNSAFE or EXTERNAL_ACCESS operations. You can mark a database as trustworthy, but that is not recommended.

--Bonnie

No comments:

Post a Comment