29 lines
1.1 KiB
Transact-SQL
29 lines
1.1 KiB
Transact-SQL
/* ============================================================================
|
||
META – SECURITY BASELINE
|
||
Ziel: Direkte DML auf Konfigurationstabellen unterbinden,
|
||
Zugriff über freigegebene Prozeduren steuern.
|
||
============================================================================ */
|
||
|
||
USE [DD_IIM];
|
||
GO
|
||
|
||
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'RL_META_CFG_EXEC')
|
||
BEGIN
|
||
CREATE ROLE [RL_META_CFG_EXEC] AUTHORIZATION [dbo];
|
||
END;
|
||
GO
|
||
|
||
DENY INSERT, UPDATE, DELETE ON OBJECT::[_meta].[TBDD_CFG_SYSTEM_INFO] TO [public];
|
||
DENY INSERT, UPDATE, DELETE ON OBJECT::[_meta].[TBDD_CFG_FUNCTION_MODULE] TO [public];
|
||
GO
|
||
|
||
GRANT EXECUTE ON OBJECT::[_meta].[PRDD_UPSERT_SYSTEM_INFO] TO [RL_META_CFG_EXEC];
|
||
GRANT EXECUTE ON OBJECT::[_meta].[PRDD_DELETE_SYSTEM_INFO] TO [RL_META_CFG_EXEC];
|
||
GRANT EXECUTE ON OBJECT::[_meta].[PRDD_UPSERT_FUNCTION_MODULE] TO [RL_META_CFG_EXEC];
|
||
GRANT EXECUTE ON OBJECT::[_meta].[PRDD_DELETE_FUNCTION_MODULE] TO [RL_META_CFG_EXEC];
|
||
GO
|
||
|
||
/* Mitgliedschaften projektspezifisch vergeben, z. B.:
|
||
ALTER ROLE [RL_META_CFG_EXEC] ADD MEMBER [<AppUserOderRole>];
|
||
*/
|