Link to home
Start Free TrialLog in
Avatar of bkapla1
bkapla1

asked on

Help Updating Stored Procedure for SQL Server 2005 possibly using new fn_my_permissions function

I need some help converting some old TSQL.  We are experiencing some major performance issues and I believe the root cause may be with some old TSQL code that runs for practically all of our forms as they load.  I'm not a TSQL expert, so I'm look for one of you experts to assist me.

Setup is MS Access 2003 Front-End and MS SQL Server 2005 Backend.  The below Stored Procedure runs upon practically every form that loads within our front-end.  The purpose is to identify the user's permissions down to the field level so that we can activate/deactivate the form fields accordingly (e.g. if they have Update permission, we allow the form field to be editable, otherwise, we literally gray the field out and make it uneditable).

The stored procedure was created originally for SQL Server 7.0, but we've upgraded several times since then and are now running SQL Server 2005.  We upgraded a few months ago and now are running into some serious performance issues.  Example, opening a form now takes 2+ minutes, when it used to take only seconds.  If I comment out the call to this stored procedure, the form loads within seconds.

Our DBA informed me that there is a new function: fn_my_permissions that is better suited to grabbing permissions for an object.  So, I'm not sure if that is the best solution, but I'm hoping to get some good advice (or better yet full fledge revised code).

Therefore, I need some expert help in modifying the below stored procedure to either use the above new function OR any other helpful hints to update this code to hopefully improve performance.

The Access forms (using VBA) usually call this stored procedure and pass it the the view name or table name.

Thanks a lot!
USE [Facil]
GO
 
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER OFF
GO
/* Procedure for 7.00 server */
ALTER PROCEDURE [dbo].[spColumnPrivileges] (
   @table_name   sysname,
   @table_owner  sysname = null,
   @table_qualifier sysname = null,
   @column_name  nvarchar(384) = null) /* 3*128 */
as
 declare @table_id  int
 if @column_name is null /* If column name not supplied, match all */
  select @column_name = '%'
 if @table_qualifier is not null
    begin
  if db_name() <> @table_qualifier
  begin /* If qualifier doesn't match current database */
   raiserror (15250, -1,-1)
   return
  end
    end
 if @table_owner is null
 begin /* If unqualified table name */
  select @table_id = object_id(quotename(@table_name))
    end
    else
 begin /* Qualified table name */
  if @table_owner = N''
  begin /* If empty owner name */
   select @table_id = 0
  end
  else
  begin
   select @table_id = object_id(quotename(@table_owner) +
    '.' + quotename(@table_name))
  end
    end
 select
  convert(sysname,c.name) COLUMN_NAME,
  convert(sysname,user_name(u.uid)) GRANTEE,
  convert (varchar(32),case p.action
    when 193 then 'SELECT'
    when 195 then 'INSERT'
    when 197 then 'UPDATE'
    else 'REFERENCES'
  end) PRIVILEGE
 from 
  sysprotects p, sysobjects o, sysusers u, master.dbo.spt_values v, 
  syscolumns c, sysmembers m
 where
  u.uid = user_id() --Only retrieve column privileges for the current user
  and c.id = @table_id
  and c.name like @column_name
  and c.id = p.id
  and c.id = o.id
  and case substring(p.columns, 1, 1) & 1
    when NULL then 255 /* all columns have permission */
    when 0 then convert(tinyint, substring(p.columns, v.low, 1))
    else (~convert(tinyint, isnull(substring(p.columns, v.low, 1),0)))
   end
   & v.high <> 0   /* permission applies to this column */
  and v.number <= (select count(*) from syscolumns
   where id = @table_id) /* ranges from 1 to # of columns in table */
  and v.type = 'P'
  and v.number = c.colid
   /* expand groups - AKUNDONE: only 1 level of group unrolling here. Need more?? */
  and (u.uid > 0 and u.uid < 16384)
  and ((p.uid = u.uid) or 
    (p.uid = m.groupuid and u.uid = m.memberuid))
  and p.protecttype <> 206 /* only grant rows */
  and p.action in (26,193,195,197)
  and o.uid <> u.uid   /* no rows for owner */
  and not exists (   /* exclude revoke'd privileges */
   select *
   from sysprotects p1
   where
    p1.protecttype = 206
    and p1.action = p.action
    and p1.id = p.id
    and p1.uid = u.uid
    and case substring(p1.columns, 1, 1) & 1
      when NULL then 255 /* all columns have permission */
      when 0 then convert(tinyint, substring(p1.columns, v.low, 1))
                                         else (~convert(tinyint,isnull(substring(p.columns, v.low, 1),0)))
     end
     & v.high <> 0)   /* permission applies to this column */
 union all
 select /* Add rows for table owner */
  convert(sysname,col_name(@table_id, c.colid)) COLUMN_NAME,
  convert(sysname,user_name(o.uid)) grantee,
  convert (varchar(32),case v.number
   when 193 then 'SELECT'
   when 195 then 'INSERT'
   when 197 then 'UPDATE'
   else 'REFERENCES'
  end) PRIVILEGE
 from 
  sysobjects o, master.dbo.spt_values v, sysusers u, syscolumns c
 where
  u.uid = user_id() --Only retrieve column privileges for the current user if he is dbo
  and c.id = @table_id
  and c.name like @column_name
  and c.id = o.id
  and u.uid = 1  /* grantor is 'dbo' of database */
  and v.type = 'P' /* cross product to get all exposed privileges */
  and v.number in (26,193,195,197)
  and not exists ( /* exclude revoke'd privileges */
   select *
   from sysprotects p1
   where
   p1.protecttype = 206
    and p1.action = v.number
    and p1.id = o.id
    and p1.uid = o.uid)
 order by 1,3 --No need to order by user_name because they are all the same

Open in new window

Avatar of Aneesh
Aneesh
Flag of Canada image

you can use
 SELECT subEntity_name ColumnName,permission_name Privilege
 FROM fn_my_permissions('table_owner.table_name', 'OBJECT')
Avatar of bkapla1
bkapla1

ASKER

Thanks!  Yes, I was able to get the following code from my DBA, which is similar:

declare @results table (
    entity_name sysname,
    subentity_name sysname,
    permission_name nvarchar(max)
)

insert @results
select * from fn_my_permissions(@table_name, 'OBJECT')
select * from fn_my_permissions('v131b_cap_impr', 'OBJECT')
 
select * from @results
where subentity_name = @column_name

However, I still need to tie this back to the individual user that is logged in.  All permissions are based on the user's SQL Server login, so I would need to ensure the results are specific for the logged user only.
Avatar of bkapla1

ASKER

Woops, I meant to paste this code here (above is where I'm testing by hard coding values)

declare @results table (
    entity_name sysname,
    subentity_name sysname,
    permission_name nvarchar(max)
)
 
insert @results
select * from fn_my_permissions(@table_name, 'OBJECT')

select * from @results
where subentity_name = @column_name
ASKER CERTIFIED SOLUTION
Avatar of Aneesh
Aneesh
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of bkapla1

ASKER

Although this wasn't a thorough response to my question of if this even helps with performance, which was my main issue, it was helpful nevertheless.