PERMISSION_SET = UNSAFE why?

Guest

I'm trying to write a Stored Procedure CLR for SQL Server 2005 to get some
disk information. I have this code working, although the assembly has to be
created with "PERMISSION_SET = UNSAFE". Why do I have to create the assembly
with UNSAFE permissions? What can I do to make the PERMISSION_SET =
EXTERNAL_ACCESS?
 
Greg Larsen said:
I'm trying to write a Stored Procedure CLR for SQL Server 2005 to get some
disk information. I have this code working, although the assembly has to be
created with "PERMISSION_SET = UNSAFE". Why do I have to create the assembly
with UNSAFE permissions? What can I do to make the PERMISSION_SET =
EXTERNAL_ACCESS?

The permissions granted by EXTERNAL_ACCESS are as follows:

| Permission | Access | Restriction |
|---|---|---|
| EnvironmentPermission | Unrestricted | -- |
| FileIOPermission | Unrestricted | -- |
| RegistryPermission | Restricted | Read only access to HKEY_CLASSES_ROOT, HKEY_LOCAL_MACHINE, HKEY_CURRENT_USER, HKEY_CURRENT_CONFIG, and HKEY_USERS |
| SecurityPermission | Restricted | Assertion, Execution, SerializationFormatter, ControlPrincipal |
| KeyContainerPermission | Unrestricted | -- |
| SqlClientPermission | Unrestricted | -- |
| EventLogPermission | Restricted | Only on local machine, by Administrators only |
| DnsPermission | Unrestricted | -- |
| SocketPermission | Restricted | IP address only |
| WebPermission | Restricted | Access local host only via HTTP |
| SmtpPermission | Restricted | Connect access only |
| NetworkInformationPermission | Restricted | Ping access only |
| DistributedTransactionPermission | Unrestricted | -- |
| StorePermission | Unrestricted | -- |


As you can see, you get Unrestricted FileIOPermission, so if the operations
that you mean when you mention "get some disk information" can be done via
standard File IO, you should be able to do it with PERMISSION_SET =
EXTERNAL_ACCESS.

However, if you are doing something that is not included in the preceding
table, such as using P/Invoke to call into the Windows API, then you will
need to register it as UNSAFE. If you don't want to do this, I imagine that
you could (I haven't tried it) encapsulate your functionality in a different
assembly that does an Assert for the needed permission and is installed into
the GAC, and then call this assembly from the one that you registered in SQL
Server.
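
Added example, not part of the original thread: one way to register a strong-name-signed assembly at EXTERNAL_ACCESS without marking the database TRUSTWORTHY, followed by a query that lists assemblies still running above SAFE. The assembly, key, login and database names and the DLL path are hypothetical, and the assembly is assumed to use only managed file IO (no P/Invoke).

```sql
-- Added example. All object names and the DLL path are hypothetical placeholders.
-- Assumes DiskInfo.dll is strong-name signed and uses only managed file IO.

USE master;
GO

-- Trust the assembly's signing key rather than setting TRUSTWORTHY ON
-- for the whole database.
CREATE ASYMMETRIC KEY DiskInfoKey
    FROM EXECUTABLE FILE = 'C:\clr\DiskInfo.dll';

-- The login exists only to carry the server-level permission.
CREATE LOGIN DiskInfoLogin FROM ASYMMETRIC KEY DiskInfoKey;

-- Grant the narrower permission; UNSAFE ASSEMBLY is deliberately not granted,
-- so this key cannot be used to register the assembly as UNSAFE.
GRANT EXTERNAL ACCESS ASSEMBLY TO DiskInfoLogin;
GO

USE MyDatabase;
GO

-- Register at the lower permission set.
CREATE ASSEMBLY DiskInfo
    FROM 'C:\clr\DiskInfo.dll'
    WITH PERMISSION_SET = EXTERNAL_ACCESS;
GO

-- If the assembly was previously registered as UNSAFE, lower it in place
-- instead of dropping and recreating it:
-- ALTER ASSEMBLY DiskInfo WITH PERMISSION_SET = EXTERNAL_ACCESS;

-- Audit: list every assembly in this database that runs above SAFE,
-- with UNSAFE_ACCESS rows sorted first for review.
SELECT a.name,
       a.permission_set_desc,
       a.create_date,
       a.modify_date
FROM sys.assemblies AS a
WHERE a.permission_set_desc <> 'SAFE_ACCESS'
ORDER BY a.permission_set_desc DESC, a.name;
```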
 
