Skip to content

Commit 9c342d3

Browse files
Copilotascott18
Copilot
and
ascott18
authored
Update Service Broker permissions based on Docker testing
Verified all documented permissions against SQL Server 2022 in Docker: - Minimal runtime permissions (polling mode): SELECT/INSERT/DELETE on message tables + SELECT/UPDATE on id tables - verified each is individually necessary and collectively sufficient - Service Broker permissions: Updated to recommend db_owner role since SqlDependency needs CONTROL ON SCHEMA::dbo to manage its temporary Service Broker objects (queue, service, stored procedure) - Schema installation permissions: verified correct - AutoEnableServiceBroker permission: verified correct Agent-Logs-Url: https://github.com/IntelliTect/IntelliTect.AspNetCore.SignalR.SqlServer/sessions/e89277da-2d43-4215-a743-5700ccb78ff7 Co-authored-by: ascott18 <5017521+ascott18@users.noreply.github.com>
1 parent f3067d3 commit 9c342d3

1 file changed

Lines changed: 9 additions & 2 deletions

File tree

README.md

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -46,16 +46,23 @@ GRANT SELECT, INSERT, DELETE ON [SignalR].[Messages_YourHubName_0] TO [YourUser]
4646
GRANT SELECT, UPDATE ON [SignalR].[Messages_YourHubName_0_Id] TO [YourUser];
4747
```
4848

49-
If Service Broker is enabled and you want to use it for real-time notifications (instead of falling back to polling), additional permissions are required:
49+
If Service Broker is enabled and you want to use it for real-time notifications (instead of falling back to polling), the `SqlDependency` mechanism requires additional permissions to create and manage its temporary Service Broker objects. The simplest approach is to grant the `db_owner` role:
50+
51+
``` sql
52+
EXEC sp_addrolemember 'db_owner', 'YourUser';
53+
```
54+
55+
If `db_owner` is too broad, the following individual permissions are required at a minimum, though `SqlDependency` may still require `db_owner` in some environments:
5056

5157
``` sql
5258
-- Required for SqlDependency to subscribe to query notifications:
5359
GRANT SUBSCRIBE QUERY NOTIFICATIONS TO [YourUser];
5460

55-
-- Required for SqlDependency to create its temporary Service Broker objects:
61+
-- Required for SqlDependency to create and manage its temporary Service Broker objects in the dbo schema:
5662
GRANT CREATE PROCEDURE TO [YourUser];
5763
GRANT CREATE QUEUE TO [YourUser];
5864
GRANT CREATE SERVICE TO [YourUser];
65+
GRANT CONTROL ON SCHEMA::dbo TO [YourUser];
5966
GRANT REFERENCES ON CONTRACT::[http://schemas.microsoft.com/SQL/Notifications/PostQueryNotification] TO [YourUser];
6067

6168
-- Required for receiving Service Broker error notifications:

0 commit comments

Comments
 (0)