ALTER ASSBLY, Adding clr strict security

Author: BYHAM

docs/t-sql/statements/alter-assembly-transact-sql.md

@@ -1,7 +1,7 @@
 ---
 title: "ALTER ASSEMBLY (Transact-SQL) | Microsoft Docs"
 ms.custom: ""
-ms.date: "01/12/2017"
+ms.date: "04/19/2017"
 ms.prod: "sql-non-specified"
 ms.reviewer: ""
 ms.suite: ""
@@ -32,7 +32,10 @@ manager: "jhubbard"
 [!INCLUDE[tsql-appliesto-ss2008-xxxx-xxxx-xxx_md](../../includes/tsql-appliesto-ss2008-xxxx-xxxx-xxx-md.md)]
 
   Alters an assembly by modifying the [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)] catalog properties of an assembly. ALTER ASSEMBLY refreshes it to the latest copy of the [!INCLUDE[msCoName](../../includes/msconame-md.md)] [!INCLUDE[dnprdnshort](../../includes/dnprdnshort-md.md)] modules that hold its implementation and adds or removes files associated with it. Assemblies are created by using [CREATE ASSEMBLY](../../t-sql/statements/create-assembly-transact-sql.md).  
-  
+
+>  [!WARNING]
+>  CLR uses Code Access Security (CAS) in the .NET Framework, which has been marked as obsolete. A CLR assembly created with `PERMISSION_SET = SAFE` may be able to access external system resources, call unmanaged code, and acquire sysadmin privileges. Beginning with [!INCLUDE[sssqlv14-md](../../includes/sssqlv14-md.md)], an `sp_configure` option called `clr strict security` is introduced to enhance the security of CLR assemblies. `clr strict security` is enabled by default, and treats `SAFE` and `EXTERNAL_ACCESS` assemblies as if they were marked `UNSAFE`. The `clr strict security` option can be disabled for backward compatibility, but this is not recommended. Microsoft recommends that all assemblies be signed by a certificate or asymmetric key with a corresponding login that has been granted `UNSAFE ASSEMBLY` permission in the master database. For more information, see [CLR strict security](../../database-engine/configure-windows/clr-strict-security.md).  
+
  ![Topic link icon](../../database-engine/configure-windows/media/topic-link.gif "Topic link icon") [Transact-SQL Syntax Conventions](../../t-sql/language-elements/transact-sql-syntax-conventions-transact-sql.md)  
 
 ## Syntax  
@@ -75,7 +78,9 @@ ALTER ASSEMBLY assembly_name
 
  Separate ALTER ASSEMBLY statements must be issued for any dependent assemblies that also require updating.  
 
- PERMISSION_SET = { SAFE | EXTERNAL_ACCESS | UNSAFE }  
+ PERMISSION_SET = { SAFE | EXTERNAL_ACCESS | UNSAFE }   
+>  [!IMPORTANT]  
+>  The `PERMISSION_SET` option is affected by the `clr strict security` option, described in the opening warning. When `clr strict security` is enabled, all assemblies are treated as `UNSAFE`.  
  Specifies the [!INCLUDE[dnprdnshort](../../includes/dnprdnshort-md.md)] code access permission set property of the assembly. For more information about this property, see [CREATE ASSEMBLY (Transact-SQL)](../../t-sql/statements/create-assembly-transact-sql.md).  
 
 > [!NOTE]  
@@ -169,6 +174,16 @@ ALTER ASSEMBLY assembly_name
 -   To change the permission set of an assembly to UNSAFE, requires **UNSAFE ASSEMBLY** permission on the server.  
 
 -   Specifying WITH UNCHECKED DATA, requires **ALTER ANY SCHEMA** permission.  
+
+
+### Permissions with CLR strict security    
+The following permissions required to alter a CLR assembly when `CLR strict security` is enabled:
+
+- The user must have the `ALTER ASSEMBLY` permission  
+- And one of the following conditions must also be true:  
+  - The assembly is signed with a certificate or asymmetric key that has a corresponding login with the `UNSAFE ASSEMBLY` permission on the server. Signing the assembly is recommended.  
+  - The database has the `TRUSTWORTHY` property set to `ON`, and the database is owned by a login that has the `UNSAFE ASSEMBLY` permission on the server. This option is not recommended.  
+  
 
  For more information about assembly permission sets, see [Designing Assemblies](../../relational-databases/clr-integration/assemblies-designing.md).