Sql-server – How to separate Stored Procedures (i.e. all the business logic) from Client Database so that it only contains client data

sql serversql-server-2008sql-server-2012synonyms

Scenario: Our Application Database (in SQL Server 2012) contains entire business logic in the Stored Procedures (SPs). Everytime we have to publish the DB to the client, it unnecessarily results in copying the SPs to the Client DB.

Problem: All the Business Logic gets copied at the Client Side and results in proprietary issues.

Solutions Tried Earlier:

  1. CREATE PROCEDURE Proc_Name WITH ENCRYPTION

    This method results in encrypted and non-maintainable SP code. We cannot judge which version of code is running at the client side, hence cannot debug. Version control cannot be applied. Moreover, client cannot perform DB replication since encrypted SPs do not get replicated.

  2. CREATE SYNONYM SchemaName.Proc_Name FOR LinkedServerDB.SchemaName.Proc_Name

    This allows for creation of references (synonyms) at Client_DB which access the actual SPs residing on a Remote_Linked_Server_DB. In each SP call, entire data is accessed from Client_DB and transmitted to Remote_Linked_Server_DB where the calculations are done and the result is sent back. This results in acute performance issues. Also requires 24×7 internet connectivity to the remote linked server.

Requirement (Edited):

  1. We are looking for a solution whereby the stored procedure code could be compiled (secured) and separated from the Client Database.
  2. The compiled stored procedure code should be available at the client-end so that client does not require 24×7 connection to a remote location for accessing the stored procedures as in the case of using SYNONYMS.
  3. I have a slight hint of using CLR-SQL in Visual Studio Database Projects, but I guess that would require re-writing all the stored procedures (which is nearly impossible since we have more than 100 SPs).

Best Answer

I do not think that your requirements are complete as there are reasons that your prior attempts did not work that are not reflected in the stated Requirements. You mentioned in attempted solution #1 that you need to be able to debug the code / know what version it is, and the client needs to be able to replicate the code. Are these two issues current requirements?

If the need for replication is still a requirement, then that conflicts with the requirement to be "compiled (secured)".

I will assume that the client's server is something they have full sa access to such that DENYing the VIEW ANY DEFINITION permission is not a viable approach.

One thing to try is taking the T-SQL of your Stored Procedures and encapsulating each one, unchanged, into CLR Stored Procedures. You would place one or more related Stored Procedures into an Assembly. Here are some thoughts about this:

  • Assemblies conveniently have a version number that can be seen in the sys.assemblies catalog view, SSMS (right-click on the Assembly to view the Properties), and the ASSEMBLYPROPERTY function.
  • You probably don't want to put all of the Stored Procedures into a single Assembly, but you also don't want to have one Assembly per Stored Procedure. You can have one class file per Stored Procedure and several of those included in a single Assembly.
  • All of the Assemblies should use WITH PERMISSION_SET = SAFE
  • The only code in each CLR Stored Procedure would be:
    • Create a SqlCommand with a CommandType of CommandType.Text and CommandText set to the current T-SQL Stored Procedure content
    • No SqlConnection should be needed (if it is, then it is just "context connection=true")
    • Map the SqlParameterCollection of the SqlCommand to the input parameters of the CLR Stored Procedure
    • Call SqlContext.Pipe.ExecuteAndSend(_YourSqlCommand);
  • The Assembly and related Stored Procedures would be loaded into each Client DB
  • CLR Stored Procedures are not able to be replicated, but that could probably be worked around
Related Question