Roles and Views in the Application Services Database for SQL Server

ASP.NET Configuration

The SQL Server provider database for ASP.NET application services includes a number of database objects (for example, stored procedures and tables) to support ASP.NET membership, role manager, profiles, Web Parts personalization, and Web events. The database includes roles and views that restrict access to only the objects required to support a particular feature. This enables you to improve the security of your applications by granting the minimum required permission to the identity that connects to the SQL Server database.

 Database Roles

The database includes roles that grant only the required access to database objects that support the SQL Server provider features. To improve the security of your application, you can create a database account and add it as a member of only the required role or roles for features.

There are three types of database roles provided.

• FullAccess   Provides access to all database objects that support a feature without requiring administrator access.

• BasicAccess   Provides minimum access for a user to utilize a feature.

• ReportingAccess   Provides access to search and view capabilities for a feature.

Each application feature supports its own set of roles. For example, the database includes an aspnet_MembershipFullAccess role, an aspnet_RolesFullAccess role, and so on.

Membership Roles

The following table lists the database roles that support ASP.NET membership, the methods supported by the role, and the database views that the role is permitted to use.

Role	Method Permissions	View Permissions
aspnet_Membership_FullAccess	All membership methods	vw_aspnet_Applications vw_aspnet_Users vw_aspnet_MembershipUsers
aspnet_Membership_BasicAccess	ValidateUser UpdateUser GetNumberOfUsersOnline GetPassword GetUser GetUserNameByEmail	(None)
aspnet_Membership_ReportingAccess	FindUsersByEmail FindUsersByName GetAllUsers GetNumberOfUsersOnline GetUser GetUserNameByEmail	vw_aspnet_Applications vw_aspnet_Users vw_aspnet_MembershipUsers

Role Manager Roles

The following table lists the database roles that support the ASP.NET roles, the methods supported by the role, and the database views that the role is permitted to use.

Role	Method Permissions	Views Permission
aspnet_Roles_FullAccess	All role manager methods	vw_aspnet_Applications vw_aspnet_Users vw_aspnet_Roles vw_aspnet_UsersInRoles
aspnet_Roles_BasicAccess	GetRolesForUser IsUserInRole	(None)
aspnet_Roles_ReportingAccess	FindUsersInRole GetAllRoles GetRolesForUser GetUsersInRole IsUserInRole RoleExists	vw_aspnet_Applications vw_aspnet_Users vw_aspnet_Roles vw_aspnet_UsersInRoles

Profile Roles

The following table lists the database roles that support ASP.NET profiles, the methods supported by the role, and the database views that the role is permitted to use.

Role	Method Permissions	View Permissions
aspnet_Profile_FullAccess	All profile methods	vw_aspnet_Applications vw_aspnet_Users vw_aspnet_Profiles
aspnet_Profile_BasicAccess	GetPropertyValues SetPropertyValues	(None)
aspnet_Profile_ReportingAccess	GetAllProfiles GetAllInactiveProfiles GetNumberOfInactiveProfiles FindProfilesByUserName FindInactiveProfilesByUserName	vw_aspnet_Applications vw_aspnet_Users vw_aspnet_Profiles

Web Parts Personalization Roles

The following table lists the database roles that support Web Parts personalization, the methods supported by the role, and the database views that the role is permitted to use.

Role	Method Permissions	View Permissions
aspnet_Personalization_FullAccess	All functionality of the SQL provider.	vw_aspnet_Applications vw_aspnet_Users vw_aspnet_WebPartState_User vw_aspnet_WebPartState_Shared vw_aspnet_WebPartState_Paths
aspnet_Personalization_BasicAccess	LoadPersonalizationBlobs LoadPersonalizationState ResetPersonalizationState ResetPersonalizationBlob SavePersonalizationBlob SavePersonalizationState	(None)
aspnet_Personalization_ReportingAccess	FindState GetCountOfState	vw_aspnet_Applications vw_aspnet_Users vw_aspnet_WebPartState_Paths vw_aspnet_WebPartState_Shared vw_aspnet_WebPartState_User

Web Events Roles

The following table lists the database roles that support Web events, the methods supported by the role, and the database views that the role is permitted to use.

Role	Permissions
aspnet_WebEvent_FullAccess	Full access to the WebEvent feature.

 Database Views

The SQL Server provider database includes predefined views that enable you to access the data for a particular feature without accessing the database tables directly. The views provided are for read-only access. You should not attempt to update the data in the database using the views. All updates should be made using the .NET Framework classes for each feature.

Note:
Date and time values are stored in the SQL Server provider database in Universal Coordinated Time (UTC) format. As a result, views provided for features will return date and time values in UTC format. Properties of type DateTime that are included with a particular ASP.NET feature will return the local date and time based on the time zone settings of the Web server.

The following table lists the database views available in the SQL Server provider database and the information returned for each view. Some views display private information, such as the password question and answer for a membership user, so you should take care not to expose the sensitive information to an unwanted source.

View	Description
vw_aspnet_Applications	Displays the following information for all applications: Application name Application description Unique application identifier
vw_aspnet_Users	Displays a list of users per application, including the following information: User name User's unique identifier User's last activity date and time User's mobile alias (if applicable) Whether the user is an anonymous user. Unique identifier for the associated application. Note: The list of users reflects users of all installed ASP.NET application features and does not reflect which feature the users are associated with.
vw_aspnet_MembershipUsers	Displays a list of ASP.NET membership users associated with the unique identifier for the user, including the following information: User name E-mail address Password question and answer Membership approval Password format identifier User's mobile PIN and mobile alias (if applicable) Creation date and time Last login date and time Last password change date and time Last activity date and time Date and time the user was last locked out Current lockout status Number of failed password attempts and the beginning date and time of the password attempt window Number of failed password answer attempts and the beginning date and time of the password answer attempt window Comment, if any
vw_aspnet_Roles	Displays the following role information: Unique list of roles per application Role name Unique role identifier Role description Unique identifier for the associated application
vw_aspnet_UsersInRoles	Displays which users are associated with which roles by the unique identifiers for the user and the role.
vw_aspnet_Profiles	Displays the following user profile information: User for each profile, as stored under the unique identifier for the user Date and time the profile was last updated Size of the profile data
vw_aspnet_WebPartState_Path	Displays the following Web Parts state path information: Unique ID for each path Application associated with each path Path
vw_aspnet_WebPartState_Shared	Displays the following Web Parts state information: Unique path ID Size of the data Last update date for shared data associated with the path
vw_aspnet_WebPartState_User	Displays the following Web Parts user information: User for each piece of personalization data, as stored under the unique identifier for the user Path ID of the data Size of the user-scoped data Last update date for the user-scoped data

 See Also

Other Resources

Creating and Configuring the Application Services Database for SQL Server

ASP.NET Reference