CLR Assembly permission


Job details

Name: CLR Assembly permission
Platform: Sqlserver
Category: Security
Premium package: Security and compliance package
Description: Checks if the CLR Assembly permission_set is set to SAFE access.
Long description: Checks if the CLR Assembly permission_set is set to SAFE access. This will prevent assemblies from accessing external system resources such as files, the network, environment variables, or the registry
Version: 1.2
Default schedule: 3 1 1 *
Requires engine install: Yes
Compatibility tag: .[type=‘instance’ & databasetype=‘sqlserver’]/instance[maj_version > ‘2005′ & hasengine=‘YES’ & eng_inst_priv = 0 & (engine_edition = ‘Microsoft SQL Server’ engine_edition = ‘Azure SQL Managed Instance’)]

Parameters

Name Default value Description
return status 1 Return status value (ALARM – 2, WARNING – 1, or OK – 0) when the CLR Assembly permission_set is not set to SAFE access.
enable SAFE access NO If set to “YES“ the alert will alter assembly and set permission_set to value SAFE.
history threshold 365 The maximum number of days to keep statistics for in the historic tables.

Job Summary

bc. SELECT name, permission_set FROM sys.assemblies WHERE is_user_defined = 1;

Detailed Implementation

This job includes several key processes:

Tables Involved

The activity involves the manipulation and referencing of the following tables:

Schedule

Dependencies

The execution of this job relies on:

Job Reporting

The reports generated by this job offer insights into:

Versioning and Upgrades

Upgrades from an older version (1.1) involve:

This job, through its complex and multi-faceted approach, plays a crucial role in the preventative security measures adopted by organizations using SQL Server, ensuring assemblies operate under strict control and within safe parameters.