Roles and Views in the Application Services Database for SQL Server
The SQL Server provider database for ASP.NET application services includes a number of database objects (for example, stored procedures and tables) to support ASP.NET membership, role manager, profiles, Web Parts personalization, and Web events. The database includes roles and views that restrict access to only the objects required to support a particular feature. This enables you to improve the security of your applications by granting the minimum required permission to the identity that connects to the SQL Server database.
Database Roles
The database includes roles that grant only the required access to database objects that support the SQL Server provider features. To improve the security of your application, you can create a database account and add it as a member of only the required role or roles for features.
There are three types of database roles provided.
FullAccess Provides access to all database objects that support a feature without requiring administrator access.
BasicAccess Provides minimum access for a user to utilize a feature.
ReportingAccess Provides access to search and view capabilities for a feature.
Each application feature supports its own set of roles. For example, the database includes an **aspnet_**MembershipFullAccess role, an **aspnet_**RolesFullAccess role, and so on.
Membership Roles
The following table lists the database roles that support ASP.NET membership, the methods supported by the role, and the database views that the role is permitted to use.
Role |
Method Permissions |
View Permissions |
---|---|---|
aspnet_Membership_FullAccess |
All membership methods |
vw_aspnet_Applications vw_aspnet_Users vw_aspnet_MembershipUsers |
aspnet_Membership_BasicAccess |
(None) |
|
aspnet_Membership_ReportingAccess |
vw_aspnet_Applications vw_aspnet_Users vw_aspnet_MembershipUsers |
Role Manager Roles
The following table lists the database roles that support the ASP.NET roles, the methods supported by the role, and the database views that the role is permitted to use.
Role |
Method Permissions |
Views Permission |
---|---|---|
aspnet_Roles_FullAccess |
All role manager methods |
vw_aspnet_Applications vw_aspnet_Users vw_aspnet_Roles vw_aspnet_UsersInRoles |
aspnet_Roles_BasicAccess |
(None) |
|
aspnet_Roles_ReportingAccess |
vw_aspnet_Applications vw_aspnet_Users vw_aspnet_Roles vw_aspnet_UsersInRoles |
Profile Roles
The following table lists the database roles that support ASP.NET profiles, the methods supported by the role, and the database views that the role is permitted to use.
Role |
Method Permissions |
View Permissions |
---|---|---|
aspnet_Profile_FullAccess |
All profile methods |
vw_aspnet_Applications vw_aspnet_Users vw_aspnet_Profiles |
aspnet_Profile_BasicAccess |
(None) |
|
aspnet_Profile_ReportingAccess |
vw_aspnet_Applications vw_aspnet_Users vw_aspnet_Profiles |
Web Parts Personalization Roles
The following table lists the database roles that support Web Parts personalization, the methods supported by the role, and the database views that the role is permitted to use.
Role |
Method Permissions |
View Permissions |
---|---|---|
aspnet_Personalization_FullAccess |
All functionality of the SQL provider. |
vw_aspnet_Applications vw_aspnet_Users vw_aspnet_WebPartState_User vw_aspnet_WebPartState_Shared vw_aspnet_WebPartState_Paths |
aspnet_Personalization_BasicAccess |
(None) |
|
aspnet_Personalization_ReportingAccess |
vw_aspnet_Applications vw_aspnet_Users vw_aspnet_WebPartState_Paths vw_aspnet_WebPartState_Shared vw_aspnet_WebPartState_User |
Web Events Roles
The following table lists the database roles that support Web events, the methods supported by the role, and the database views that the role is permitted to use.
Role |
Permissions |
---|---|
aspnet_WebEvent_FullAccess |
Full access to the WebEvent feature. |
Database Views
The SQL Server provider database includes predefined views that enable you to access the data for a particular feature without accessing the database tables directly. The views provided are for read-only access. You should not attempt to update the data in the database using the views. All updates should be made using the .NET Framework classes for each feature.
Note
Date and time values are stored in the SQL Server provider database in Universal Coordinated Time (UTC) format. As a result, views provided for features will return date and time values in UTC format. Properties of type DateTime that are included with a particular ASP.NET feature will return the local date and time based on the time zone settings of the Web server.
The following table lists the database views available in the SQL Server provider database and the information returned for each view. Some views display private information, such as the password question and answer for a membership user, so you should take care not to expose the sensitive information to an unwanted source.
View |
Description |
---|---|
vw_aspnet_Applications |
Displays the following information for all applications:
|
vw_aspnet_Users |
Displays a list of users per application, including the following information:
Note:
The list of users reflects users of all installed ASP.NET application features and does not reflect which feature the users are associated with.
|
vw_aspnet_MembershipUsers |
Displays a list of ASP.NET membership users associated with the unique identifier for the user, including the following information:
|
vw_aspnet_Roles |
Displays the following role information:
|
vw_aspnet_UsersInRoles |
Displays which users are associated with which roles by the unique identifiers for the user and the role. |
vw_aspnet_Profiles |
Displays the following user profile information:
|
vw_aspnet_WebPartState_Path |
Displays the following Web Parts state path information:
|
vw_aspnet_WebPartState_Shared |
Displays the following Web Parts state information:
|
vw_aspnet_WebPartState_User |
Displays the following Web Parts user information:
|
See Also
Other Resources
Creating and Configuring the Application Services Database for SQL Server