clr enabled 服务器配置选项clr enabled Server Configuration Option

适用对象: yesSQL ServeryesAzure SQL 数据库noAzure SQL 数据仓库no并行数据仓库APPLIES TO: yesSQL Server noAzure SQL Database noAzure SQL Data Warehouse noParallel Data Warehouse

可以使用 clr enabled 选项指定 SQL ServerSQL Server是否可以运行用户程序集。Use the clr enabled option to specify whether user assemblies can be run by SQL ServerSQL Server. clr enabled 选项提供下列值:The clr enabled option provides the following values:

ReplTest1Value 描述Description
00 不允许在 SQL ServerSQL Server上执行程序集。Assembly execution not allowed on SQL ServerSQL Server.
11 允许在 SQL ServerSQL Server上执行程序集。Assembly execution allowed on SQL ServerSQL Server.

仅 WOW64。WOW64 only. 重启 WOW64 服务器使设置更改生效。Restart WOW64 servers to effect the settings changes. 其他服务器类型不需要重启。No restart required for other server types.

运行 RECONFIGURE 时,clr enabled 选项的运行值将从 1 更改为 0,所有包含用户程序集的应用程序域将立即被卸载。When you run RECONFIGURE, and the run value of the clr enabled option is changed from 1 to 0, all application domains containing user assemblies are immediately unloaded.

轻型池不支持执行公共语言运行时(CLR) 。禁用以下两个选项中的一个:“clr enabled”或“lightweight pooling”。Common language runtime (CLR) execution is not supported under lightweight pooling Disable one of two options: "clr enabled" or "lightweight pooling". 依赖于 CLR 并且在纤程模式下无法正常工作的功能包括: hierarchy 数据类型、复制和基于策略的管理。Features that rely upon CLR and that do not work properly in fiber mode include the hierarchy data type, replication, and Policy-Based Management.


CLR 在 .NET Framework 中使用代码访问安全性 (CAS)(不可再作为安全边界)。CLR uses Code Access Security (CAS) in the .NET Framework, which is no longer supported as a security boundary. 使用 PERMISSION_SET = SAFE 创建的 CLR 程序集可以访问外部系统资源、调用非托管代码以及获取 sysadmin 特权。A CLR assembly created with PERMISSION_SET = SAFE may be able to access external system resources, call unmanaged code, and acquire sysadmin privileges. SQL Server 2017 (14.x)SQL Server 2017 (14.x) 开始,引入了名为 clr strict securitysp_configure 选项,以增强 CLR 程序集的安全性。Beginning with SQL Server 2017 (14.x)SQL Server 2017 (14.x), an sp_configure option called clr strict security is introduced to enhance the security of CLR assemblies. 默认启用 clr strict security,并将 SAFEEXTERNAL_ACCESS 程序集与标记为 UNSAFE 的程序集同等对待。clr strict security is enabled by default, and treats SAFE and EXTERNAL_ACCESS assemblies as if they were marked UNSAFE. 可禁用 clr strict security 选项以实现后向兼容性,但不建议这样做。The clr strict security option can be disabled for backward compatibility, but this is not recommended. Microsoft 建议所有程序集都通过证书或非对称密钥进行签名,且该证书或非对称密钥具有已在主数据库中获得 UNSAFE ASSEMBLY 权限的相应登录名。Microsoft recommends that all assemblies be signed by a certificate or asymmetric key with a corresponding login that has been granted UNSAFE ASSEMBLY permission in the master database. SQL ServerSQL Server 管理员还可以将程序集添加到数据库引擎应信任的程序集列表。administrators can also add assemblies to a list of assemblies, which the Database Engine should trust. 有关详细信息,请参阅 sys.sp_add_trusted_assemblyFor more information, see sys.sp_add_trusted_assembly.


下面的示例首先显示 clr enabled 选项的当前设置,然后通过将选项值设置为 1 启用该选项。The following example first displays the current setting of the clr enabled option and then enables the option by setting the option value to 1. 若要禁用该选项,请将此值设置为 0。To disable the option, set the value to 0.

EXEC sp_configure 'clr enabled';  
EXEC sp_configure 'clr enabled' , '1';  

另请参阅See Also

lightweight pooling 服务器配置选项 lightweight pooling Server Configuration Option
服务器配置选项 (SQL Server) Server Configuration Options (SQL Server)
sp_configure (Transact-SQL) sp_configure (Transact-SQL)
lightweight pooling 服务器配置选项lightweight pooling Server Configuration Option