Export (0) Print
Expand All

Roles and Views in the Application Services Database for SQL Server

The SQL Server provider database for ASP.NET application services includes a number of database objects (for example, stored procedures and tables) to support ASP.NET membership, role manager, profiles, Web Parts personalization, and Web events. The database includes roles and views that restrict access to only the objects required to support a particular feature. This enables you to improve the security of your applications by granting the minimum required permission to the identity that connects to the SQL Server database.

The database includes roles that grant only the required access to database objects that support the SQL Server provider features. To improve the security of your application, you can create a database account and add it as a member of only the required role or roles for features.

There are three types of database roles provided.

  • FullAccess   Provides access to all database objects that support a feature without requiring administrator access.

  • BasicAccess   Provides minimum access for a user to utilize a feature.

  • ReportingAccess   Provides access to search and view capabilities for a feature.

Each application feature supports its own set of roles. For example, the database includes an aspnet_MembershipFullAccess role, an aspnet_RolesFullAccess role, and so on.

Membership Roles

The following table lists the database roles that support ASP.NET membership, the methods supported by the role, and the database views that the role is permitted to use.

Role

Method Permissions

View Permissions

aspnet_Membership_FullAccess

All membership methods

vw_aspnet_Applications

vw_aspnet_Users

vw_aspnet_MembershipUsers

aspnet_Membership_BasicAccess

ValidateUser

UpdateUser

GetNumberOfUsersOnline

GetPassword

GetUser

GetUserNameByEmail

(None)

aspnet_Membership_ReportingAccess

FindUsersByEmail

FindUsersByName

GetAllUsers

GetNumberOfUsersOnline

GetUser

GetUserNameByEmail

vw_aspnet_Applications

vw_aspnet_Users

vw_aspnet_MembershipUsers

Role Manager Roles

The following table lists the database roles that support the ASP.NET roles, the methods supported by the role, and the database views that the role is permitted to use.

Role

Method Permissions

Views Permission

aspnet_Roles_FullAccess

All role manager methods

vw_aspnet_Applications

vw_aspnet_Users

vw_aspnet_Roles

vw_aspnet_UsersInRoles

aspnet_Roles_BasicAccess

GetRolesForUser

IsUserInRole

(None)

aspnet_Roles_ReportingAccess

FindUsersInRole

GetAllRoles

GetRolesForUser

GetUsersInRole

IsUserInRole

RoleExists

vw_aspnet_Applications

vw_aspnet_Users

vw_aspnet_Roles

vw_aspnet_UsersInRoles

Profile Roles

The following table lists the database roles that support ASP.NET profiles, the methods supported by the role, and the database views that the role is permitted to use.

Role

Method Permissions

View Permissions

aspnet_Profile_FullAccess

All profile methods

vw_aspnet_Applications

vw_aspnet_Users

vw_aspnet_Profiles

aspnet_Profile_BasicAccess

GetPropertyValues

SetPropertyValues

(None)

aspnet_Profile_ReportingAccess

GetAllProfiles

GetAllInactiveProfiles

GetNumberOfInactiveProfiles

FindProfilesByUserName

FindInactiveProfilesByUserName

vw_aspnet_Applications

vw_aspnet_Users

vw_aspnet_Profiles

Web Parts Personalization Roles

The following table lists the database roles that support Web Parts personalization, the methods supported by the role, and the database views that the role is permitted to use.

Role

Method Permissions

View Permissions

aspnet_Personalization_FullAccess

All functionality of the SQL provider.

vw_aspnet_Applications

vw_aspnet_Users

vw_aspnet_WebPartState_User

vw_aspnet_WebPartState_Shared

vw_aspnet_WebPartState_Paths

aspnet_Personalization_BasicAccess

LoadPersonalizationBlobs

LoadPersonalizationState

ResetPersonalizationState

ResetPersonalizationBlob

SavePersonalizationBlob

SavePersonalizationState

(None)

aspnet_Personalization_ReportingAccess

FindState

GetCountOfState

vw_aspnet_Applications

vw_aspnet_Users

vw_aspnet_WebPartState_Paths

vw_aspnet_WebPartState_Shared

vw_aspnet_WebPartState_User

Web Events Roles

The following table lists the database roles that support Web events, the methods supported by the role, and the database views that the role is permitted to use.

Role

Permissions

aspnet_WebEvent_FullAccess

Full access to the WebEvent feature.

The SQL Server provider database includes predefined views that enable you to access the data for a particular feature without accessing the database tables directly. The views provided are for read-only access. You should not attempt to update the data in the database using the views. All updates should be made using the .NET Framework classes for each feature.

NoteNote

Date and time values are stored in the SQL Server provider database in Universal Coordinated Time (UTC) format. As a result, views provided for features will return date and time values in UTC format. Properties of type DateTime that are included with a particular ASP.NET feature will return the local date and time based on the time zone settings of the Web server.

The following table lists the database views available in the SQL Server provider database and the information returned for each view. Some views display private information, such as the password question and answer for a membership user, so you should take care not to expose the sensitive information to an unwanted source.

View

Description

vw_aspnet_Applications

Displays the following information for all applications:

  • Application name

  • Application description

  • Unique application identifier

vw_aspnet_Users

Displays a list of users per application, including the following information:

  • User name

  • User's unique identifier

  • User's last activity date and time

  • User's mobile alias (if applicable)

  • Whether the user is an anonymous user.

  • Unique identifier for the associated application.

NoteNote
The list of users reflects users of all installed ASP.NET application features and does not reflect which feature the users are associated with.

vw_aspnet_MembershipUsers

Displays a list of ASP.NET membership users associated with the unique identifier for the user, including the following information:

  • User name

  • E-mail address

  • Password question and answer

  • Membership approval

  • Password format identifier

  • User's mobile PIN and mobile alias (if applicable)

  • Creation date and time

  • Last login date and time

  • Last password change date and time

  • Last activity date and time

  • Date and time the user was last locked out

  • Current lockout status

  • Number of failed password attempts and the beginning date and time of the password attempt window

  • Number of failed password answer attempts and the beginning date and time of the password answer attempt window

  • Comment, if any

vw_aspnet_Roles

Displays the following role information:

  • Unique list of roles per application

  • Role name

  • Unique role identifier

  • Role description

  • Unique identifier for the associated application

vw_aspnet_UsersInRoles

Displays which users are associated with which roles by the unique identifiers for the user and the role.

vw_aspnet_Profiles

Displays the following user profile information:

  • User for each profile, as stored under the unique identifier for the user

  • Date and time the profile was last updated

  • Size of the profile data

vw_aspnet_WebPartState_Path

Displays the following Web Parts state path information:

  • Unique ID for each path

  • Application associated with each path

  • Path

vw_aspnet_WebPartState_Shared

Displays the following Web Parts state information:

  • Unique path ID

  • Size of the data

  • Last update date for shared data associated with the path

vw_aspnet_WebPartState_User

Displays the following Web Parts user information:

  • User for each piece of personalization data, as stored under the unique identifier for the user

  • Path ID of the data

  • Size of the user-scoped data

  • Last update date for the user-scoped data

Community Additions

ADD
Show:
© 2014 Microsoft