Databases Reference
In-Depth Information
settings for the
PermissionSet
property:
Safe
,
External_Access
, or
Unrestricted
. Table
14.4 describes these settings in more detail.
TABLE 14.4
Settings of the
PermissionSet
Property
Name
Description
Allows a stored procedure to execute a simple computation, but does
not give access to protected resources, such as the network or files.
Safe
Allows a stored procedure to perform computations. Makes it possible
to carry out the following actions on external resources:
.
External_Access
Read and write environment variables.
.
Assert and stop a stack walk on a given permission.
.
Provide serialization services.
.
Read system Registry settings.
.
Access domain name system (DNS) servers on the network.
.
Connect to HTTP Internet resources. (There is no right to accept
HTTP connections.)
.
Use sockets to connect to a transport address.
.
Read and write files in the file system.
.
Read and write to the operating system's event log.
.
Use the SQLClient ADO.NET-managed provider to connect to SQL
Server.
The least secure setting; no restrictions are applied. With this setting
applied, any code (even unverifiable) can execute. Grant this permis-
sion set with the utmost care.
Unrestricted
User-Based Security
When a stored procedure accesses resources that are outside an Analysis Services process,
such as a file system or network resources, the credentials it uses to access those resources
can make an important difference to the security of your system. When you configure
your security settings, it is a good idea to ask yourself questions about the resources your
stored procedures need access to and about who can access them. For example, if a server
runs under an account that has access to files stored on the hard drive but the user that
calls a stored procedure does not have access, you can configure your system so that the
stored procedure executes under the server's credential. In this way, the stored procedure
can have access to the files.
You can use the
ImpersonationInfo
property of an
Assembly
object to specify the security
account under which Analysis Services executes the stored procedure. Just before invoking
Search WWH ::
Custom Search