Setting CLR Assembly Permission Sets to SAFE_ACCESS will prevent assemblies from accessing external system resources such as files, the network, environment variables, or the registry. Rationale: Assemblies with EXTERNAL_ACCESS or UNSAFE permission sets can be used to access sensitive areas of the operating system, steal and/or transmit data and alter the state and other protection measures of the underlying Windows Operating System. Assemblies which are Microsoft-created (is_user_defined = 0) are excluded from this check as they are required for overall system functionality. Impact: The remediation measure should first be tested within a test environment prior to production to ensure the assembly still functions as designed with SAFE permission setting.
USE <database_name>; GO ALTER ASSEMBLY <assembly_name> WITH PERMISSION_SET = SAFE; Default Value: SAFE permission is set by default.