AppStd/Skriptentwickung
8
0
Fork 0
Code Activity

Serverumzug

Browse Source
This commit is contained in:
KammM
2026-04-13 12:08:30 +02:00
parent 3096e432aa
commit 82609f5fc1
48 changed files with 5489 additions and 618 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
current/[DD_IIM]-Database/[SECURITY_META_CFG].sql Normal file
View File

@@ -0,0 +1,28 @@
/* ============================================================================
META SECURITY BASELINE
Ziel: Direkte DML auf Konfigurationstabellen unterbinden,
Zugriff über freigegebene Prozeduren steuern.
============================================================================ */
USE [DD_IIM];
GO
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'RL_META_CFG_EXEC')
BEGIN
CREATE ROLE [RL_META_CFG_EXEC] AUTHORIZATION [dbo];
END;
GO
DENY INSERT, UPDATE, DELETE ON OBJECT::[_meta].[TBDD_CFG_SYSTEM_INFO] TO [public];
DENY INSERT, UPDATE, DELETE ON OBJECT::[_meta].[TBDD_CFG_FUNCTION_MODULE] TO [public];
GO
GRANT EXECUTE ON OBJECT::[_meta].[PRDD_UPSERT_SYSTEM_INFO] TO [RL_META_CFG_EXEC];
GRANT EXECUTE ON OBJECT::[_meta].[PRDD_DELETE_SYSTEM_INFO] TO [RL_META_CFG_EXEC];
GRANT EXECUTE ON OBJECT::[_meta].[PRDD_UPSERT_FUNCTION_MODULE] TO [RL_META_CFG_EXEC];
GRANT EXECUTE ON OBJECT::[_meta].[PRDD_DELETE_FUNCTION_MODULE] TO [RL_META_CFG_EXEC];
GO
/* Mitgliedschaften projektspezifisch vergeben, z. B.:
ALTER ROLE [RL_META_CFG_EXEC] ADD MEMBER [<AppUserOderRole>];
*/