My stored procedure:
CREATE PROCEDURE [dbo].[uspUserIsInGroup]
@username varchar(30),
@groupname varchar(30),
@ReturnCount int OUTPUT
AS
BEGIN
SET NOCOUNT ON;
SELECT @ReturnCount = count(*)
FROM sys.database_role_members AS m
INNER JOIN sys.database_principals AS dp
ON m.member_principal_id = dp.principal_id
INNER JOIN sys.server_principals AS l
ON dp.[sid] = l.[sid]
INNER JOIN sys.database_principals AS r
ON m.role_principal_id = r.principal_id
WHERE 1=1
AND l.name = @username
AND r.name = @groupname
END
My asp code:
Set cn = CreateObject("ADODB.Connection")
Set cmd = CreateObject("ADODB.Command")
cn.Open db
Set cmd.ActiveConnection = cn
cmd.CommandText = "uspUserIsInGroup"
cmd.CommandType = 4 '4=adCmdStoredProc
cmd.Parameters.Append cmd.CreateParameter("@username", 203, 1, 100, "peds\pss_admin")
cmd.Parameters.Append cmd.CreateParameter("@groupname", 203, 1, 100, "rolePSS_admin")
cmd.Parameters.Append cmd.CreateParameter("@ReturnCount", 200, 2, 255)
cmd.Execute
response.write "value returned is: " & cmd.Parameters(2).Value & "<br />"
I've tried:
response.write "value returned is: " & cmd.Parameters(2).Value & "<br />"
response.write "value returned is: " & cmd.Parameters(2) & "<br />"
response.write "value returned is: " & cmd.Parameters("@ReturnCount").Value & "<br />"
response.write "value returned is: " & cmd.Parameters("@ReturnCount") & "<br />"
I've tried with '@' and without. I've checked the permissions. In all cases I get '0', but the value should be 1.
Running a trace on SQL, this is what's being run:
declare @p3 int
set @p3=0
exec uspUserIsInGroup N'peds\pss_admin',N'rolePSS_admin',@p3 output
select @p3
Which does give a result of 1.
What am I doing wrong, what am I missing? Does it have anything to do with the fact that when I run the code from the Trace, the result has "(No column name)"?
Thanks!
As discussed in the comments, the result of your query can change according to the permissions of the logged-in user.
You can use procedure signing if you don't want to grant the asp account the required permissions directly.
sys.database_principals states:
Any user can see their own user name, the system users, and the fixed database roles. To see other users, requires ALTER ANY USER, or a permission on the user. To see user-defined roles, requires ALTER ANY ROLE, or membership in the role.
sys.database_role_members states:
Any user can view their own role membership. To view other role memberships requires membership in the db_securityadmin fixed database role or VIEW DEFINITION on the database.
sys.server_principals states:
Any login can see their own login name, the system logins, and the fixed server roles. To see other logins, requires ALTER ANY LOGIN, or a permission on the login. To see user-defined server roles, requires ALTER ANY SERVER ROLE, or membership in the role.
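The procedure signing mentioned above, as an added T-SQL sketch that is not part of the original answer: the certificate, not the ASP account, carries the metadata permissions, and they apply only while the signed procedure runs. Assumptions: SQL Server 2012 or later (for CERTENCODED), and the names YourDb, cert_UserIsInGroup, certuser_UserIsInGroup, certlogin_UserIsInGroup, asp_app_user and the password are hypothetical placeholders. It grants the read-only VIEW DEFINITION / VIEW ANY DEFINITION permissions rather than the ALTER ANY permissions quoted from the documentation.

```sql
-- Added example. All names and the password below are placeholders.
USE YourDb;
GO
-- 1. Certificate whose private key will sign the procedure.
CREATE CERTIFICATE cert_UserIsInGroup
    ENCRYPTION BY PASSWORD = '<strong-password-placeholder>'
    WITH SUBJECT = 'Signs dbo.uspUserIsInGroup';
GO
-- 2. Sign the procedure from the question.
ADD SIGNATURE TO dbo.uspUserIsInGroup
    BY CERTIFICATE cert_UserIsInGroup
    WITH PASSWORD = '<strong-password-placeholder>';
GO
-- 3. Database level: a certificate-mapped user (it cannot connect) holds the
--    permission needed to see other users, roles and role memberships.
CREATE USER certuser_UserIsInGroup FROM CERTIFICATE cert_UserIsInGroup;
GRANT VIEW DEFINITION TO certuser_UserIsInGroup;
GO
-- 4. Server level: sys.server_principals needs a server permission, so copy
--    the certificate's public part into master and map a login to it.
DECLARE @pub varbinary(max) = CERTENCODED(CERT_ID('cert_UserIsInGroup'));
DECLARE @sql nvarchar(max) =
      N'CREATE CERTIFICATE cert_UserIsInGroup FROM BINARY = '
    + CONVERT(nvarchar(max), @pub, 1) + N';';
EXEC master.sys.sp_executesql @sql;
GO
USE master;
GO
CREATE LOGIN certlogin_UserIsInGroup FROM CERTIFICATE cert_UserIsInGroup;
GRANT VIEW ANY DEFINITION TO certlogin_UserIsInGroup;
GO
USE YourDb;
GO
-- 5. Drop the private key so the certificate cannot sign anything else,
--    then give the ASP account nothing but EXECUTE on the procedure.
ALTER CERTIFICATE cert_UserIsInGroup REMOVE PRIVATE KEY;
GRANT EXECUTE ON dbo.uspUserIsInGroup TO asp_app_user;
GO
```

Altering the procedure drops its signature, so a later ALTER PROCEDURE silently brings back the '0' result until the procedure is signed again with a certificate that still has its private key.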
cmd.Parameters.Append cmd.CreateParameter("@username", 203, 1, 100, "peds\\pss_admin")
cmd.Parameters.Append cmd.CreateParameter("@groupname", 203, 1, 100, "rolePSS_admin")
cmd.Parameters.Append cmd.CreateParameter("@ReturnCount", 200, 2, 255)
-should be-
cmd.Parameters.Append cmd.CreateParameter("@username", adVarChar, adParamInput, 30, "peds\pss_admin")
cmd.Parameters.Append cmd.CreateParameter("@groupname", adVarChar, adParamInput, 30, "rolePSS_admin")
cmd.Parameters.Append cmd.CreateParameter("@ReturnCount",adInteger,adParamOutput)
where adInteger = 3, adParamOutput = 2, adVarChar = 200
so your statement output parameter using hard-coded numbers should read:
cmd.Parameters.Append cmd.CreateParameter("@ReturnCount", 3, 2)