?
Solved

Help Updating Stored Procedure for SQL Server 2005 possibly using new fn_my_permissions function

Posted on 2009-05-20
5
Medium Priority
?
594 Views
Last Modified: 2012-05-07
I need some help converting some old TSQL.  We are experiencing some major performance issues and I believe the root cause may be with some old TSQL code that runs for practically all of our forms as they load.  I'm not a TSQL expert, so I'm look for one of you experts to assist me.

Setup is MS Access 2003 Front-End and MS SQL Server 2005 Backend.  The below Stored Procedure runs upon practically every form that loads within our front-end.  The purpose is to identify the user's permissions down to the field level so that we can activate/deactivate the form fields accordingly (e.g. if they have Update permission, we allow the form field to be editable, otherwise, we literally gray the field out and make it uneditable).

The stored procedure was created originally for SQL Server 7.0, but we've upgraded several times since then and are now running SQL Server 2005.  We upgraded a few months ago and now are running into some serious performance issues.  Example, opening a form now takes 2+ minutes, when it used to take only seconds.  If I comment out the call to this stored procedure, the form loads within seconds.

Our DBA informed me that there is a new function: fn_my_permissions that is better suited to grabbing permissions for an object.  So, I'm not sure if that is the best solution, but I'm hoping to get some good advice (or better yet full fledge revised code).

Therefore, I need some expert help in modifying the below stored procedure to either use the above new function OR any other helpful hints to update this code to hopefully improve performance.

The Access forms (using VBA) usually call this stored procedure and pass it the the view name or table name.

Thanks a lot!
USE [Facil]
GO
 
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER OFF
GO
/* Procedure for 7.00 server */
ALTER PROCEDURE [dbo].[spColumnPrivileges] (
   @table_name   sysname,
   @table_owner  sysname = null,
   @table_qualifier sysname = null,
   @column_name  nvarchar(384) = null) /* 3*128 */
as
 declare @table_id  int
 if @column_name is null /* If column name not supplied, match all */
  select @column_name = '%'
 if @table_qualifier is not null
    begin
  if db_name() <> @table_qualifier
  begin /* If qualifier doesn't match current database */
   raiserror (15250, -1,-1)
   return
  end
    end
 if @table_owner is null
 begin /* If unqualified table name */
  select @table_id = object_id(quotename(@table_name))
    end
    else
 begin /* Qualified table name */
  if @table_owner = N''
  begin /* If empty owner name */
   select @table_id = 0
  end
  else
  begin
   select @table_id = object_id(quotename(@table_owner) +
    '.' + quotename(@table_name))
  end
    end
 select
  convert(sysname,c.name) COLUMN_NAME,
  convert(sysname,user_name(u.uid)) GRANTEE,
  convert (varchar(32),case p.action
    when 193 then 'SELECT'
    when 195 then 'INSERT'
    when 197 then 'UPDATE'
    else 'REFERENCES'
  end) PRIVILEGE
 from 
  sysprotects p, sysobjects o, sysusers u, master.dbo.spt_values v, 
  syscolumns c, sysmembers m
 where
  u.uid = user_id() --Only retrieve column privileges for the current user
  and c.id = @table_id
  and c.name like @column_name
  and c.id = p.id
  and c.id = o.id
  and case substring(p.columns, 1, 1) & 1
    when NULL then 255 /* all columns have permission */
    when 0 then convert(tinyint, substring(p.columns, v.low, 1))
    else (~convert(tinyint, isnull(substring(p.columns, v.low, 1),0)))
   end
   & v.high <> 0   /* permission applies to this column */
  and v.number <= (select count(*) from syscolumns
   where id = @table_id) /* ranges from 1 to # of columns in table */
  and v.type = 'P'
  and v.number = c.colid
   /* expand groups - AKUNDONE: only 1 level of group unrolling here. Need more?? */
  and (u.uid > 0 and u.uid < 16384)
  and ((p.uid = u.uid) or 
    (p.uid = m.groupuid and u.uid = m.memberuid))
  and p.protecttype <> 206 /* only grant rows */
  and p.action in (26,193,195,197)
  and o.uid <> u.uid   /* no rows for owner */
  and not exists (   /* exclude revoke'd privileges */
   select *
   from sysprotects p1
   where
    p1.protecttype = 206
    and p1.action = p.action
    and p1.id = p.id
    and p1.uid = u.uid
    and case substring(p1.columns, 1, 1) & 1
      when NULL then 255 /* all columns have permission */
      when 0 then convert(tinyint, substring(p1.columns, v.low, 1))
                                         else (~convert(tinyint,isnull(substring(p.columns, v.low, 1),0)))
     end
     & v.high <> 0)   /* permission applies to this column */
 union all
 select /* Add rows for table owner */
  convert(sysname,col_name(@table_id, c.colid)) COLUMN_NAME,
  convert(sysname,user_name(o.uid)) grantee,
  convert (varchar(32),case v.number
   when 193 then 'SELECT'
   when 195 then 'INSERT'
   when 197 then 'UPDATE'
   else 'REFERENCES'
  end) PRIVILEGE
 from 
  sysobjects o, master.dbo.spt_values v, sysusers u, syscolumns c
 where
  u.uid = user_id() --Only retrieve column privileges for the current user if he is dbo
  and c.id = @table_id
  and c.name like @column_name
  and c.id = o.id
  and u.uid = 1  /* grantor is 'dbo' of database */
  and v.type = 'P' /* cross product to get all exposed privileges */
  and v.number in (26,193,195,197)
  and not exists ( /* exclude revoke'd privileges */
   select *
   from sysprotects p1
   where
   p1.protecttype = 206
    and p1.action = v.number
    and p1.id = o.id
    and p1.uid = o.uid)
 order by 1,3 --No need to order by user_name because they are all the same

Open in new window

0
Comment
Question by:bkapla1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 75

Expert Comment

by:Aneesh Retnakaran
ID: 24433791
you can use
 SELECT subEntity_name ColumnName,permission_name Privilege
 FROM fn_my_permissions('table_owner.table_name', 'OBJECT')
0
 

Author Comment

by:bkapla1
ID: 24433979
Thanks!  Yes, I was able to get the following code from my DBA, which is similar:

declare @results table (
    entity_name sysname,
    subentity_name sysname,
    permission_name nvarchar(max)
)

insert @results
select * from fn_my_permissions(@table_name, 'OBJECT')
select * from fn_my_permissions('v131b_cap_impr', 'OBJECT')
 
select * from @results
where subentity_name = @column_name

However, I still need to tie this back to the individual user that is logged in.  All permissions are based on the user's SQL Server login, so I would need to ensure the results are specific for the logged user only.
0
 

Author Comment

by:bkapla1
ID: 24433998
Woops, I meant to paste this code here (above is where I'm testing by hard coding values)

declare @results table (
    entity_name sysname,
    subentity_name sysname,
    permission_name nvarchar(max)
)
 
insert @results
select * from fn_my_permissions(@table_name, 'OBJECT')

select * from @results
where subentity_name = @column_name
0
 
LVL 75

Accepted Solution

by:
Aneesh Retnakaran earned 1500 total points
ID: 24434249
check the examples on this page
http://msdn.microsoft.com/en-us/library/ms176097.aspx 
0
 

Author Closing Comment

by:bkapla1
ID: 31583592
Although this wasn't a thorough response to my question of if this even helps with performance, which was my main issue, it was helpful nevertheless.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will describe one method to parse a delimited string into a table of data.   Why would I do that you ask?  Let's say that you need to pass multiple parameters into a stored procedure to search for.  For our sake, we'll say that we wa…
In SQL Server, when rows are selected from a table, does it retrieve data in the order in which it is inserted?  Many believe this is the case. Let us try to examine for ourselves with an example. To get started, use the following script, wh…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question