The Telerik Platform product is retired.Learn more

Security of Stored Procedures

Security of Stored Procedures

Similarly to other Telerik Platform resources, stored procedures are subject to access control. You can use permissions to specify who has access to your stored procedure endpoints.

This article explains important concepts behind stored procedure permissions and talks about using the portal to view and set permissions. See Introduction to Business Logic Permissions to find out how to manage permissions programmatically.

Default Permissions

By default, when you map a stored procedure, the resulting endpoint can be invoked by users in all currently existing roles, including the Anonymous role.

Newly-added roles in your application are not allowed to call these endpoints. You need to set the permissions for the endpoint to accept requests from users in these roles.

You are advised to change the default set of permissions. In case you decide to keep it, ensure that you take into account all possible parameters and act accordingly. Even if you are making the right calls to the endpoint from your app, someone might find out the endpoint URL and execute it with whatever parameters they want.

To set an endpoint's permissions click the gear icon next to the endpoint name and select Permissions from the drop-down list.

Access the permissions of a cloud function screen

Role-Based Permissions

Just as with content types and Cloud Functions, role-based permissions can be leveraged to control who can invoke stored procedure endpoints. For example you could allow only users belonging to the Registered role to access an endpoint.

"Set the permissions of a cloud function screen"

See Also

Contact us: +1-888-365-2779
Copyright © 2016-2018, Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.