CLR 严格安全性CLR strict security

适用对象:是SQL Server 否Azure SQL 数据库 否Azure Synapse Analytics (SQL DW) 否并行数据仓库APPLIES TO: yesSQL Server noAzure SQL Database noAzure Synapse Analytics (SQL DW) noParallel Data Warehouse

控制 SQL ServerSQL ServerSAFEEXTERNAL ACCESSUNSAFE 权限的解释。Controls the interpretation of the SAFE, EXTERNAL ACCESS, UNSAFE permission in SQL ServerSQL Server.

ReplTest1Value 描述Description
00 已禁用 - 为后向兼容而提供。Disabled - Provided for backwards compatibility. 不建议使用 Disabled 值。Disabled value is not recommended.
11 已启用 - 导致 数据库引擎Database Engine 忽略程序集上的 PERMISSION_SET 信息,并始终将其解释为 UNSAFEEnabled - Causes the 数据库引擎Database Engine to ignore the PERMISSION_SET information on the assemblies, and always interpret them as UNSAFE. EnabledSQL Server 2017 (14.x)SQL Server 2017 (14.x) 的默认值。Enabled is the default value for SQL Server 2017 (14.x)SQL Server 2017 (14.x).


CLR 在 .NET Framework 中使用代码访问安全性 (CAS)(不可再作为安全边界)。CLR uses Code Access Security (CAS) in the .NET Framework, which is no longer supported as a security boundary. 使用 PERMISSION_SET = SAFE 创建的 CLR 程序集可以访问外部系统资源、调用非托管代码以及获取 sysadmin 特权。A CLR assembly created with PERMISSION_SET = SAFE may be able to access external system resources, call unmanaged code, and acquire sysadmin privileges. SQL Server 2017 (14.x)SQL Server 2017 (14.x) 开始,引入了名为 clr strict securitysp_configure 选项,以增强 CLR 程序集的安全性。Beginning with SQL Server 2017 (14.x)SQL Server 2017 (14.x), an sp_configure option called clr strict security is introduced to enhance the security of CLR assemblies. 默认启用 clr strict security,并将 SAFEEXTERNAL_ACCESS 程序集与标记为 UNSAFE 的程序集同等对待。clr strict security is enabled by default, and treats SAFE and EXTERNAL_ACCESS assemblies as if they were marked UNSAFE. 可禁用 clr strict security 选项以实现后向兼容性,但不建议这样做。The clr strict security option can be disabled for backward compatibility, but this is not recommended. Microsoft 建议所有程序集都通过证书或非对称密钥进行签名,且该证书或非对称密钥具有已在主数据库中获得 UNSAFE ASSEMBLY 权限的相应登录名。Microsoft recommends that all assemblies be signed by a certificate or asymmetric key with a corresponding login that has been granted UNSAFE ASSEMBLY permission in the master database. SQL ServerSQL Server 管理员还可以将程序集添加到数据库引擎应信任的程序集列表。administrators can also add assemblies to a list of assemblies, which the Database Engine should trust. 有关详细信息,请参阅 sys.sp_add_trusted_assemblyFor more information, see sys.sp_add_trusted_assembly.


启用时,CREATE ASSEMBLYALTER ASSEMBLY 语句中的 PERMISSION_SET 选项在运行时将被忽略,但元数据中将保留 PERMISSION_SET 选项。When enabled, the PERMISSION_SET option in the CREATE ASSEMBLY and ALTER ASSEMBLY statements is ignored at run-time, but the PERMISSION_SET options are preserved in metadata. 忽略选项可最大程度减少中断现有代码语句。Ignoring the option, minimizes breaking existing code statements.

CLR strict security 是一种 advanced optionCLR strict security is an advanced option.


启用严格安全性后,未签名的任何程序集都将加载失败。After enabling strict security, any assemblies that are not signed will fail to load. 必须更改或删除并重新创建每个程序集,以便使用具有相应登录名(该登录名对应于服务器上的 UNSAFE ASSEMBLY 权限)的证书或非对称密钥对程序集进行签名。You must either alter or drop and recreate each assembly so that it is signed with a certificate or asymmetric key that has a corresponding login with the UNSAFE ASSEMBLY permission on the server.


更改此选项To change this option

要求具有 CONTROL SERVER 权限,或者具有 sysadmin 固定服务器角色的成员身份。Requires CONTROL SERVER permission, or membership in the sysadmin fixed server role.

创建 CLR 程序集To create an CLR assembly

启用 CLR strict security 时,创建 CLR 程序集需要以下权限:The following permissions required to create a CLR assembly when CLR strict security is enabled:

  • 用户必须具有 CREATE ASSEMBLY 权限The user must have the CREATE ASSEMBLY permission
  • 并且,还必须满足以下条件之一:And one of the following conditions must also be true:
    • 使用具有相应登录名(该登录名对应于服务器上的 UNSAFE ASSEMBLY 权限)的证书或非对称密钥对程序集进行签名。The assembly is signed with a certificate or asymmetric key that has a corresponding login with the UNSAFE ASSEMBLY permission on the server. 建议对程序集进行签名。Signing the assembly is recommended.
    • 数据库的 TRUSTWORTHY 属性设置为 ON,且数据库由在服务器上具有 UNSAFE ASSEMBLY 权限的登录名所有。The database has the TRUSTWORTHY property set to ON, and the database is owned by a login that has the UNSAFE ASSEMBLY permission on the server. 不建议使用此选项。This option is not recommended.

另请参阅See Also

服务器配置选项 (SQL Server) Server Configuration Options (SQL Server)
sp_configure (Transact-SQL) sp_configure (Transact-SQL)
clr enabled 服务器配置选项clr enabled Server Configuration Option