bkapla1
asked on
Help Updating Stored Procedure for SQL Server 2005 possibly using new fn_my_permissions function
I need some help converting some old TSQL. We are experiencing some major performance issues and I believe the root cause may be with some old TSQL code that runs for practically all of our forms as they load. I'm not a TSQL expert, so I'm look for one of you experts to assist me.
Setup is MS Access 2003 Front-End and MS SQL Server 2005 Backend. The below Stored Procedure runs upon practically every form that loads within our front-end. The purpose is to identify the user's permissions down to the field level so that we can activate/deactivate the form fields accordingly (e.g. if they have Update permission, we allow the form field to be editable, otherwise, we literally gray the field out and make it uneditable).
The stored procedure was created originally for SQL Server 7.0, but we've upgraded several times since then and are now running SQL Server 2005. We upgraded a few months ago and now are running into some serious performance issues. Example, opening a form now takes 2+ minutes, when it used to take only seconds. If I comment out the call to this stored procedure, the form loads within seconds.
Our DBA informed me that there is a new function: fn_my_permissions that is better suited to grabbing permissions for an object. So, I'm not sure if that is the best solution, but I'm hoping to get some good advice (or better yet full fledge revised code).
Therefore, I need some expert help in modifying the below stored procedure to either use the above new function OR any other helpful hints to update this code to hopefully improve performance.
The Access forms (using VBA) usually call this stored procedure and pass it the the view name or table name.
Thanks a lot!
Setup is MS Access 2003 Front-End and MS SQL Server 2005 Backend. The below Stored Procedure runs upon practically every form that loads within our front-end. The purpose is to identify the user's permissions down to the field level so that we can activate/deactivate the form fields accordingly (e.g. if they have Update permission, we allow the form field to be editable, otherwise, we literally gray the field out and make it uneditable).
The stored procedure was created originally for SQL Server 7.0, but we've upgraded several times since then and are now running SQL Server 2005. We upgraded a few months ago and now are running into some serious performance issues. Example, opening a form now takes 2+ minutes, when it used to take only seconds. If I comment out the call to this stored procedure, the form loads within seconds.
Our DBA informed me that there is a new function: fn_my_permissions that is better suited to grabbing permissions for an object. So, I'm not sure if that is the best solution, but I'm hoping to get some good advice (or better yet full fledge revised code).
Therefore, I need some expert help in modifying the below stored procedure to either use the above new function OR any other helpful hints to update this code to hopefully improve performance.
The Access forms (using VBA) usually call this stored procedure and pass it the the view name or table name.
Thanks a lot!
USE [Facil]
GO
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER OFF
GO
/* Procedure for 7.00 server */
ALTER PROCEDURE [dbo].[spColumnPrivileges] (
@table_name sysname,
@table_owner sysname = null,
@table_qualifier sysname = null,
@column_name nvarchar(384) = null) /* 3*128 */
as
declare @table_id int
if @column_name is null /* If column name not supplied, match all */
select @column_name = '%'
if @table_qualifier is not null
begin
if db_name() <> @table_qualifier
begin /* If qualifier doesn't match current database */
raiserror (15250, -1,-1)
return
end
end
if @table_owner is null
begin /* If unqualified table name */
select @table_id = object_id(quotename(@table_name))
end
else
begin /* Qualified table name */
if @table_owner = N''
begin /* If empty owner name */
select @table_id = 0
end
else
begin
select @table_id = object_id(quotename(@table_owner) +
'.' + quotename(@table_name))
end
end
select
convert(sysname,c.name) COLUMN_NAME,
convert(sysname,user_name(u.uid)) GRANTEE,
convert (varchar(32),case p.action
when 193 then 'SELECT'
when 195 then 'INSERT'
when 197 then 'UPDATE'
else 'REFERENCES'
end) PRIVILEGE
from
sysprotects p, sysobjects o, sysusers u, master.dbo.spt_values v,
syscolumns c, sysmembers m
where
u.uid = user_id() --Only retrieve column privileges for the current user
and c.id = @table_id
and c.name like @column_name
and c.id = p.id
and c.id = o.id
and case substring(p.columns, 1, 1) & 1
when NULL then 255 /* all columns have permission */
when 0 then convert(tinyint, substring(p.columns, v.low, 1))
else (~convert(tinyint, isnull(substring(p.columns, v.low, 1),0)))
end
& v.high <> 0 /* permission applies to this column */
and v.number <= (select count(*) from syscolumns
where id = @table_id) /* ranges from 1 to # of columns in table */
and v.type = 'P'
and v.number = c.colid
/* expand groups - AKUNDONE: only 1 level of group unrolling here. Need more?? */
and (u.uid > 0 and u.uid < 16384)
and ((p.uid = u.uid) or
(p.uid = m.groupuid and u.uid = m.memberuid))
and p.protecttype <> 206 /* only grant rows */
and p.action in (26,193,195,197)
and o.uid <> u.uid /* no rows for owner */
and not exists ( /* exclude revoke'd privileges */
select *
from sysprotects p1
where
p1.protecttype = 206
and p1.action = p.action
and p1.id = p.id
and p1.uid = u.uid
and case substring(p1.columns, 1, 1) & 1
when NULL then 255 /* all columns have permission */
when 0 then convert(tinyint, substring(p1.columns, v.low, 1))
else (~convert(tinyint,isnull(substring(p.columns, v.low, 1),0)))
end
& v.high <> 0) /* permission applies to this column */
union all
select /* Add rows for table owner */
convert(sysname,col_name(@table_id, c.colid)) COLUMN_NAME,
convert(sysname,user_name(o.uid)) grantee,
convert (varchar(32),case v.number
when 193 then 'SELECT'
when 195 then 'INSERT'
when 197 then 'UPDATE'
else 'REFERENCES'
end) PRIVILEGE
from
sysobjects o, master.dbo.spt_values v, sysusers u, syscolumns c
where
u.uid = user_id() --Only retrieve column privileges for the current user if he is dbo
and c.id = @table_id
and c.name like @column_name
and c.id = o.id
and u.uid = 1 /* grantor is 'dbo' of database */
and v.type = 'P' /* cross product to get all exposed privileges */
and v.number in (26,193,195,197)
and not exists ( /* exclude revoke'd privileges */
select *
from sysprotects p1
where
p1.protecttype = 206
and p1.action = v.number
and p1.id = o.id
and p1.uid = o.uid)
order by 1,3 --No need to order by user_name because they are all the same
ASKER
Thanks! Yes, I was able to get the following code from my DBA, which is similar:
declare @results table (
entity_name sysname,
subentity_name sysname,
permission_name nvarchar(max)
)
insert @results
select * from fn_my_permissions(@table_n ame, 'OBJECT')
select * from fn_my_permissions('v131b_c ap_impr', 'OBJECT')
select * from @results
where subentity_name = @column_name
However, I still need to tie this back to the individual user that is logged in. All permissions are based on the user's SQL Server login, so I would need to ensure the results are specific for the logged user only.
declare @results table (
entity_name sysname,
subentity_name sysname,
permission_name nvarchar(max)
)
insert @results
select * from fn_my_permissions(@table_n
select * from fn_my_permissions('v131b_c
select * from @results
where subentity_name = @column_name
However, I still need to tie this back to the individual user that is logged in. All permissions are based on the user's SQL Server login, so I would need to ensure the results are specific for the logged user only.
ASKER
Woops, I meant to paste this code here (above is where I'm testing by hard coding values)
declare @results table (
entity_name sysname,
subentity_name sysname,
permission_name nvarchar(max)
)
insert @results
select * from fn_my_permissions(@table_n ame, 'OBJECT')
select * from @results
where subentity_name = @column_name
declare @results table (
entity_name sysname,
subentity_name sysname,
permission_name nvarchar(max)
)
insert @results
select * from fn_my_permissions(@table_n
select * from @results
where subentity_name = @column_name
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Although this wasn't a thorough response to my question of if this even helps with performance, which was my main issue, it was helpful nevertheless.
SELECT subEntity_name ColumnName,permission_name
FROM fn_my_permissions('table_o