Toc
PANTHEON Hilfe - Willkommen
PANTHEON
	Leitfäden für PANTHEON
		Leitfaden für PANTHEON
		Leitfaden für PANTHEON Einzelhandel
		Leitfaden für PANTHEON Vet
		Leitfaden für PANTHEON Farming
	Benutzerhandbücher für PANTHEON
		Benutzerhandbuch für PANTHEON
			Erste Schritte
				Wörterbuch der Begriffe
				Erste Schritte mit PANTHEON
				Verwendung von PANTHEON bei Tecta, einem fiktiven Unternehmen
				Anweisungen zur Gewährleistung der Konformität von PANTHEON mit SAS
				PANTHEON Installation
				PANTHEON-System
				PANTHEON Grundlagen
				PANTHEON Hilfe
				Material- und Warenbewegungen
				Zuordnen von Identifikatoren
				Häufig gestellte Fragen zu Pantheon (F.A.Q.)
				Archiv
					Endbenutzer-Lizenzvereinbarung
					PANTHEON Ausgaben
					Installation von PANTHEON auf Linux und Oracle-Datenbank
					eRechnung
					Workflow
					Sicherung
					eDokumentation
					Aufgaben
					Referentielle Integrität (RI)
					Einführendes Wort
					Get.start
						Duplikate
						Windows 7
						SQL Server
						ODBC
						SQL Server Agent
						Windows Vista
						Verschlechterung der Leistung des MS-SQL-Servers
						Zeilenebene Sicherheit
							Wie RLS in der Praxis funktioniert
							Upgrade
							Datenbank
							Codeänderungen
							Fehlerbehebung
							ARES - RLS-Kompatibilitätsmodus
							RLS Fragen und Antworten
						MS SQL Server Installation
						Aufgabenplanung
						PANTHEON Systemumgebung
						Hardware
						Installationsarten bei verschiedenen Netzwerk-Konfigurationen
						Datalab-Dienstprogramme
						Installation
						On-Premises-Installation
						PANTHEON Cloud-Installation
						Bestellung und Einrichtung von eBusiness-Diensten
						Ein-Benutzer-Installation von PANTHEON Cloud
						Netzwerkinstallation von PANTHEN Cloud
						PANTHEON Client Setup-Assistent
					eExchange
					SMS-Benachrichtigungen
			Benutzerhandbuch für eBusiness
			Einstellungen
			Bestellungen
			Waren
			Herstellung
			Service
			Hilfe
			Personal
			Finanzen
			Analytik
		Benutzerhandbuch für PANTHEON Einzelhandel
		Benutzerhandbuch für PANTHEON Vet
		Benutzerhandbuch für PANTHEON Farming
PANTHEON Web
	Leitfäden für PANTHEON Web
		Leitfaden für PANTHEON Web Light
		Leitfaden für das PANTHEON Web-Terminal
		Leitfaden für PANTHEON Web Rechtliches
		Alte Produkte Archiv
	Benutzerhandbücher für PANTHEON Web
		Erste Schritte PANTHEON Web
		Benutzerhandbuch für PANTHEON Web Light
		Benutzerhandbuch für das PANTHEON Web-Terminal
		Benutzerhandbuch für PANTHEON Web Legal
		Alte Produkte Archiv
PANTHEON Granulate
	Leitfäden für PANTHEON Granulate
		Personalgranulat
		Reiseaufträge Granulat
		Dokumente und Aufgaben Granule
		Dashboard Granule
		B2B-Bestellungen Granulat
		Feldservice-Granulat
		Bestandsgranule für Anlagevermögen
		Warenlager Inventar Granulat
	Benutzerhandbücher für PANTHEON Granulate
		Erste Schritte
		Personalgranulat
		Reiseaufträge Granulat
		Dokumente und Aufgaben Granule
		B2B-Bestellungen Granulat
		Dashboard Granule
		Feldservice-Granulat
		Bestandsgranulat für Anlagevermögen
		Lagereinlagerung Granulat
		Archiv
Benutzerseite

Load Time: 359,3299 ms

1000002563 | 222177 | 489033 | AI translated

RLS Questions & Answers

RLS_ALL korisnik
Dodavanje korisnika
Odustajanje korisnika
Tips and tricks

1. RLS_ALL korisnik

RLS_ALL je poseban korisnik baze podataka bez ikakvog mapiranja prijavljivanja na server. To znači da se sa njim ne možete prijaviti na SQL Server.

Jedini način da koristite ovog korisnika je EXECUTE AS USER = 'RLS_ALL'

Ima pristup svim podacima koji su odvojeni RLS funkcionalnošću.

Ovaj korisnik se koristi za, na primer, kreiranje agregata podataka u vlasništvu više korisnika.

Na primer, izveštaj o ukupnoj prodaji za sve zaposlene za godinu dana, ali svaki zaposleni može da vidi samo svoju prodaju.

Da bi korisnik Pantheon-a mogao da koristi EXECUTE AS USER = 'RLS_ALL', mora da ima GRANT IMPERSONATE dozvole za RLS_ALL korisnika.

SAMO korisnici Pantheon-a mogu da imaju dozvole GRANT IMPERSONATE.

Davanje tih dozvola ugrađenim nalozima SKL Servera (poput SA, itd.) obično nije potrebno.

SAMO korisnici Pantheon-a mogu čitati podatke iz RLS zaštićenih tabela

SA korisnik (ako nije mapiran na korisnika PA) nema pristup zaštićenim podacima. Sve RLS zaštićene podatke može čitati samo PA korisnik sa odgovarajućim ovlašćenjima. Da biste koristili eksterne veze sa bazom podataka, povezivanje sa bazom podataka mora se izvršiti sa PANTHEON korisnikom povezanim sa korisnikom baze podataka.

2. Dodavanje korisnika

Dodavanje korisnika za pristup drugim aplikacijama u PANTHEON bazu podataka.

Možemo dodati korisnika uz pomoć PANTHEON-a:

See the following instructions: Adding a user and Setting authorizations for a user.

For more complex settings, where we want to add a user to multiple databases.

Adding User and Charging Autorizations without Rights. We set permissions of the user with PANTHEON:

declare
    @v_cUserId sysname = #UserName#
,    @p_lang_id varchar(2)
--
,    @p_subject varchar(30) = NULL
--
,    @p_user_id int = NULL  
,    @p_contact_id int = NULL  

BEGIN
 
  select * from  [dbo].[tHE_SetSubjContact]    WHERE acUserId = @v_cUserId;  

    SET @p_user_id = (SELECT anUserId FROM [dbo].[tHE_SetSubjContact] WHERE acUserId = @v_cUserId);

    set @p_contact_id = NULL;

    IF (@p_user_id IS NULL)
    BEGIN
        Exec ppa_user_create @v_cUserId, @v_cUserId, 1;
    
    select @p_subject = P.acOurCompany, @p_lang_id = PS.acLocalization from tPA_SysParam P, tPA_SysParamSys PS;
    
    SELECT @p_user_id = anUserId FROM [dbo].[tHE_SetSubjContact] WHERE acUserId = @v_cUserId;


      EXEC [dbo].[ppa_user_save]
          @p_user_id = @p_user_id OUTPUT -- @p_user_id int OUTPUT
      ,    @p_contact_id = @p_contact_id OUTPUT -- @p_contact_id int OUTPUT
      ,    @p_user_name = @v_cUserId -- sysname
      ,    @p_lang_id = @p_lang_id --  varchar(2)
      ,    @p_active = 'T' --  char(1)
      ,    @p_license_server = Null --  sysname = NULL
      ,    @p_license_database = Null --  sysname = NULL
      ,    @p_profile = Null --  varchar(10) = NULL
      ,    @p_additpersonmark = Null --  varchar(100) = NULL
      ,    @p_code = Null --  varchar(20)= NULL
      ,    @p_pin = Null --  varchar(11) = NULL
      ,    @p_foreigner = 'F'
      --
      ,    @p_subject = @p_subject --  varchar(30) = NULL
      ,    @p_name = @v_cUserId --  varchar(30) = NULL
      ,    @p_surName = @v_cUserId --  varchar(30) = NULL
      ;

    exec [dbo].[ppa_security_insert] @p_user_id, False, False;--no authorizations
    exec ppa_security_save @p_user_id, False, False;
    print @p_user_id
    exec [dbo].[ppa_authorization_security_save]
     NULL -- @p_authorization varchar(50)
    , @p_user_id -- @p_principal_id int
    , 0 -- @p_principal_type bit
    , NULL -- @p_parent_id varchar(50)
    , 0 -- @p_acquired bit
    , 0 -- @p_inherited bit
    , 0 -- @p_permission_select bit
    , 0 -- @p_permission_update bit
    , 0 -- @p_permission_delete bit
    , 32767 -- @p_permission_update_period int
    , 1 -- @p_propagate_entities bit = 0
    , Null -- @p_licence char(2) = 'MF'

    exec pPA_SysSQLLoginPswdChange @v_cUserId, Null, @v_cUserId;

    EXEC sp_addrolemember N'db_owner', @v_cUserId;
    EXEC sp_addrolemember N'db_datawriter', @v_cUserId;
    EXEC sp_addrolemember N'db_datareader', @v_cUserId;

  end;

  select * from  [dbo].[tHE_SetSubjContact]    WHERE acUserId = @v_cUserId;  
  select * from tPA_SetDoctypeUserSecurity where anUserId = @p_user_id;
end;

3. Droping users

declare
    @v_cUserId sysname = #USER#,
  @command nvarchar(max);
begin
    select * from  [dbo].[tHE_SetSubjContact]    WHERE acUserId = @v_cUserId;

    delete from  [dbo].[tHE_SetSubjContact]    WHERE acUserId = @v_cUserId;

    IF (DATABASE_PRINCIPAL_ID(@v_cUserId) IS NOT NULL)
    BEGIN
        SET @command = N'DROP USER ' + QUOTENAME(@v_cUserId) + N';'
        EXEC(@command);
    END;


    IF (SUSER_ID(@v_cUserId) IS NOT NULL)
    BEGIN
        SET @command = N'DROP LOGIN ' + QUOTENAME(@v_cUserId) + N';'
        EXEC(@command);
    END;

  select * from  [dbo].[tHE_SetSubjContact]    WHERE acUserId = @v_cUserId;
end;

4. Tips and Tricks

With SQL Server's Row Level Security (RLS) in place this adds easy separation of user data, but adds a bit of query execution plan complexity to each query that uses the tables that have RLS enabled on them.

The goal is to minimize that query execution plan complexity.

- Usage in stored procedures

Avoid a lot of joins with RLS tables. If you need to join a lot of tables together, it is better to join a few (2-4 tables), put the result of that into a temporary table (that can even be properly indexed) and join that temporary table to other tables.

This will make the query optimizer's job easier since the query is broken into multiple pieces.

- Usage in triggers

In after triggers there's no need to join to the base table to get the data.

For update or insert statement, the inserted pseudo table already contains new values that are also in the base table.

So all you have to do is join to it.

If you have a scenario where you have to check for existence of some data in a trigger and update data based on that check, it's better to put the check results into a temp table, check if that data satisfies the desired condition and use it update the base table.

- SQL Server's Built-In Function support for parallelism

If you ever have to check a user name or a SQL login under which the current context is executing under, use the following functions in select statements.

They are the only ones that support parallelism in SQL Server execution plans:

USER_NAME, CURRENT_USER, SUSER_NAME, SUSER_SNAME, SUSER_ID, SUSER_SID.

Any other built-in function prevents consideration of parallel query execution plans.

Rate this topic

Was this topic usefull?

Comments

Comment will also bo visible in forum!

RLS Questions & Answers

1. RLS_ALL korisnik

2. Dodavanje korisnika

3. Droping users

4. Tips and Tricks

RSS

Technical help

Membership:

Additional info