Solved

Help Updating Stored Procedure for SQL Server 2005 possibly using new fn_my_permissions function

Posted on 2009-05-20
5
589 Views
Last Modified: 2012-05-07
I need some help converting some old TSQL.  We are experiencing some major performance issues and I believe the root cause may be with some old TSQL code that runs for practically all of our forms as they load.  I'm not a TSQL expert, so I'm look for one of you experts to assist me.

Setup is MS Access 2003 Front-End and MS SQL Server 2005 Backend.  The below Stored Procedure runs upon practically every form that loads within our front-end.  The purpose is to identify the user's permissions down to the field level so that we can activate/deactivate the form fields accordingly (e.g. if they have Update permission, we allow the form field to be editable, otherwise, we literally gray the field out and make it uneditable).

The stored procedure was created originally for SQL Server 7.0, but we've upgraded several times since then and are now running SQL Server 2005.  We upgraded a few months ago and now are running into some serious performance issues.  Example, opening a form now takes 2+ minutes, when it used to take only seconds.  If I comment out the call to this stored procedure, the form loads within seconds.

Our DBA informed me that there is a new function: fn_my_permissions that is better suited to grabbing permissions for an object.  So, I'm not sure if that is the best solution, but I'm hoping to get some good advice (or better yet full fledge revised code).

Therefore, I need some expert help in modifying the below stored procedure to either use the above new function OR any other helpful hints to update this code to hopefully improve performance.

The Access forms (using VBA) usually call this stored procedure and pass it the the view name or table name.

Thanks a lot!
USE [Facil]

GO
 

SET ANSI_NULLS ON

GO

SET QUOTED_IDENTIFIER OFF

GO

/* Procedure for 7.00 server */

ALTER PROCEDURE [dbo].[spColumnPrivileges] (

   @table_name   sysname,

   @table_owner  sysname = null,

   @table_qualifier sysname = null,

   @column_name  nvarchar(384) = null) /* 3*128 */

as

 declare @table_id  int

 if @column_name is null /* If column name not supplied, match all */

  select @column_name = '%'

 if @table_qualifier is not null

    begin

  if db_name() <> @table_qualifier

  begin /* If qualifier doesn't match current database */

   raiserror (15250, -1,-1)

   return

  end

    end

 if @table_owner is null

 begin /* If unqualified table name */

  select @table_id = object_id(quotename(@table_name))

    end

    else

 begin /* Qualified table name */

  if @table_owner = N''

  begin /* If empty owner name */

   select @table_id = 0

  end

  else

  begin

   select @table_id = object_id(quotename(@table_owner) +

    '.' + quotename(@table_name))

  end

    end

 select

  convert(sysname,c.name) COLUMN_NAME,

  convert(sysname,user_name(u.uid)) GRANTEE,

  convert (varchar(32),case p.action

    when 193 then 'SELECT'

    when 195 then 'INSERT'

    when 197 then 'UPDATE'

    else 'REFERENCES'

  end) PRIVILEGE

 from 

  sysprotects p, sysobjects o, sysusers u, master.dbo.spt_values v, 

  syscolumns c, sysmembers m

 where

  u.uid = user_id() --Only retrieve column privileges for the current user

  and c.id = @table_id

  and c.name like @column_name

  and c.id = p.id

  and c.id = o.id

  and case substring(p.columns, 1, 1) & 1

    when NULL then 255 /* all columns have permission */

    when 0 then convert(tinyint, substring(p.columns, v.low, 1))

    else (~convert(tinyint, isnull(substring(p.columns, v.low, 1),0)))

   end

   & v.high <> 0   /* permission applies to this column */

  and v.number <= (select count(*) from syscolumns

   where id = @table_id) /* ranges from 1 to # of columns in table */

  and v.type = 'P'

  and v.number = c.colid

   /* expand groups - AKUNDONE: only 1 level of group unrolling here. Need more?? */

  and (u.uid > 0 and u.uid < 16384)

  and ((p.uid = u.uid) or 

    (p.uid = m.groupuid and u.uid = m.memberuid))

  and p.protecttype <> 206 /* only grant rows */

  and p.action in (26,193,195,197)

  and o.uid <> u.uid   /* no rows for owner */

  and not exists (   /* exclude revoke'd privileges */

   select *

   from sysprotects p1

   where

    p1.protecttype = 206

    and p1.action = p.action

    and p1.id = p.id

    and p1.uid = u.uid

    and case substring(p1.columns, 1, 1) & 1

      when NULL then 255 /* all columns have permission */

      when 0 then convert(tinyint, substring(p1.columns, v.low, 1))

                                         else (~convert(tinyint,isnull(substring(p.columns, v.low, 1),0)))

     end

     & v.high <> 0)   /* permission applies to this column */

 union all

 select /* Add rows for table owner */

  convert(sysname,col_name(@table_id, c.colid)) COLUMN_NAME,

  convert(sysname,user_name(o.uid)) grantee,

  convert (varchar(32),case v.number

   when 193 then 'SELECT'

   when 195 then 'INSERT'

   when 197 then 'UPDATE'

   else 'REFERENCES'

  end) PRIVILEGE

 from 

  sysobjects o, master.dbo.spt_values v, sysusers u, syscolumns c

 where

  u.uid = user_id() --Only retrieve column privileges for the current user if he is dbo

  and c.id = @table_id

  and c.name like @column_name

  and c.id = o.id

  and u.uid = 1  /* grantor is 'dbo' of database */

  and v.type = 'P' /* cross product to get all exposed privileges */

  and v.number in (26,193,195,197)

  and not exists ( /* exclude revoke'd privileges */

   select *

   from sysprotects p1

   where

   p1.protecttype = 206

    and p1.action = v.number

    and p1.id = o.id

    and p1.uid = o.uid)

 order by 1,3 --No need to order by user_name because they are all the same

Open in new window

0
Comment
Question by:bkapla1
  • 3
  • 2
5 Comments
 
LVL 75

Expert Comment

by:Aneesh Retnakaran
ID: 24433791
you can use
 SELECT subEntity_name ColumnName,permission_name Privilege
 FROM fn_my_permissions('table_owner.table_name', 'OBJECT')
0
 

Author Comment

by:bkapla1
ID: 24433979
Thanks!  Yes, I was able to get the following code from my DBA, which is similar:

declare @results table (
    entity_name sysname,
    subentity_name sysname,
    permission_name nvarchar(max)
)

insert @results
select * from fn_my_permissions(@table_name, 'OBJECT')
select * from fn_my_permissions('v131b_cap_impr', 'OBJECT')
 
select * from @results
where subentity_name = @column_name

However, I still need to tie this back to the individual user that is logged in.  All permissions are based on the user's SQL Server login, so I would need to ensure the results are specific for the logged user only.
0
 

Author Comment

by:bkapla1
ID: 24433998
Woops, I meant to paste this code here (above is where I'm testing by hard coding values)

declare @results table (
    entity_name sysname,
    subentity_name sysname,
    permission_name nvarchar(max)
)
 
insert @results
select * from fn_my_permissions(@table_name, 'OBJECT')

select * from @results
where subentity_name = @column_name
0
 
LVL 75

Accepted Solution

by:
Aneesh Retnakaran earned 500 total points
ID: 24434249
check the examples on this page
http://msdn.microsoft.com/en-us/library/ms176097.aspx 
0
 

Author Closing Comment

by:bkapla1
ID: 31583592
Although this wasn't a thorough response to my question of if this even helps with performance, which was my main issue, it was helpful nevertheless.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SQL Server Set bit value based on sums 4 47
How to extract a "coded date" from a string field? 4 54
PERFORMANCE OF SQL QUERY 13 65
Pivot Query Problem 9 37
This article will describe one method to parse a delimited string into a table of data.   Why would I do that you ask?  Let's say that you need to pass multiple parameters into a stored procedure to search for.  For our sake, we'll say that we wa…
by Mark Wills Attending one of Rob Farley's seminars the other day, I heard the phrase "The Accidental DBA" and fell in love with it. It got me thinking about the plight of the newcomer to SQL Server...  So if you are the accidental DBA, or, simp…
I designed this idea while studying technology in the classroom.  This is a semester long project.  Students are asked to take photographs on a specific topic which they find meaningful, it can be a place or situation such as travel or homelessness.…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now