http://blogs.msdn.com/s4cd/archive/tags/SQL+Server+2005/default.aspxTags: SQL Server 2005enCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/s4cd/archive/2006/09/06/743182.aspxWed, 06 Sep 2006 23:10:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:743182dansellers2http://blogs.msdn.com/s4cd/comments/743182.aspxhttp://blogs.msdn.com/s4cd/commentrss.aspx?PostID=743182<P>The one topic that I get asked to talk about frequently is Encrypting Data with SQL Server 2005.&nbsp; Personally, I am very impressed with the build-in encryption support provided in SQL Server 2005, but one of my favorite and what appears to be a subtle Security enhancement in SQL Server 2005 is the ability to sign Modules such as Stored Procedures, Functions or&nbsp;Triggers&nbsp;with Certificates.</P> <P><STRONG>The first thing you are probably wonder is why would I want to sign a Stored Procedures?</STRONG></P> <P><A href="http://msdn2.microsoft.com/en-us/library/ms345102.aspx" target=_blank>By signing a Module</A> with a certificate, the certificate is then granted the relevant permission and goes beyond what can be achieved with the "Execute As" feature, especially from an auditing perspective.&nbsp; </P> <P>When you perform tracing, the auditing table will&nbsp;record the&nbsp;"Execute As User" that performed the operation of the Stored Procedure (the user account in which the stored procedure is executing under) but does not show who the&nbsp;actual calling user was.&nbsp; Now, there is a additional column in the auditing table that will record the original login that caused the actions to occur, however, in the trace records it will only show that Execute As User performed all the operations and not the original caller.</P> <P>Thus the moral of the story is we use the Sign Module approach in SQL Server 2005 this will allow us to capture the original caller that caused the action to occur in the Stored Procedure.</P> <P><STRONG>So how do I set this up?</STRONG></P> <P>Let say we have an End User calling a Stored Procedure called Proc1 that will perform some kind of action on Table1.&nbsp; The End User does not have permission on the Table 1, only the Proc1 does, however, the End User has been granted Execute permission.</P> <P>Now we can sign Proc1 with a certificate called Cert1.&nbsp; We then create a User called CertUser which is mapped to the Cert1.&nbsp; Then we grant the necessary permission on Table1 to CertUser.</P> <P><STRONG>What is going on under the Hood of SQL Server 2005?</STRONG></P> <P>When a SQL Server 2005 User calls a Module the User Token--similar to a token in Windows will be passed to the Module.&nbsp; The Token will contain both the primary id--identifies the calling user--and the secondary's id--the SQL Server 2005 roles the user belongs to.&nbsp; If the Module has been signed, SQL Server 2005 will add the User Account which has been mapped to the Certificate--that was used to sign the Module--to the secondary id of the calling user.</P> <P>Therefore, in our example, when EndUser calls SP1, SP1 will verify the signature of Cert1 and add CertUser--the user that was mapped to the Certificate--to the secondary id of the EndUser token.&nbsp; Now EndUser can have access to the Table1 via the signed Module "Proc1" and in tracing we can capture the "Calling User"--End User--and not just the "Executing As User" only.</P><img src="http://blogs.msdn.com/aggbug.aspx?PostID=743182" width="1" height="1">SQL Server 2005