Depending on the deployment method, you have numerous
ways to specify what security level to grant a CLR assembly. All of
them demand that you specify one of three permission sets:
Safe Assembly can perform local data access and
computational tasks only.
External_Access
Assembly can perform local data access and computational tasks and also
access the network, the file system, the registry, and environment
variables. Although External_Access is
less restrictive than Safe, it still
safeguards server stability.
Unsafe Assembly has
unrestricted permissions and can even call unmanaged code. This setting
can significantly compromise SQL Server security; only members of the
sysadmin role can create (load) unsafe assemblies.
When you deploy an
assembly from Visual Studio, its security level is set to Safe by
default. To change it, you can select the project node in the Solution
Explorer window and set the Permission Level property in the Properties
window by selecting Safe, External, or Unsafe from the combo box
provided (Figure 1).
Alternatively, you can
right-click the project node in the Solution Explorer window and select
Properties from the shortcut menu. You can also double-click the
Properties node (or the My Project node in Visual Basic projects).
Either action opens up the project properties designer. Select the
designer’s Database tab and then select a permission set from the
Permission Level combo box (Figure 2). (The same three options are available here as in the
Properties window.)
Finally, in the
Management Studio New Assembly dialog box, you can select Safe, External Access,
or Unsafe from the Permission Set combo box.
