Stored Procedures  «Prev  Next»

Lesson 3 Enforcing business rules with stored procedures
Objective Describe how stored procedures can aid in enforcing business rules.

Enforcing Business Rules Using Stored Procedures

To enforce business rules in SQL Server, you first need a clear definition of the rules and when they must be applied. Once you know the rules, you can divide them into logical units of work and implement those units in stored procedures. This approach helps ensure that the same validations and side effects occur consistently, regardless of which application submits the request.

Consider these two rules:
  1. When a new employee is hired, the employee’s contact information is inserted into the Employees table, and the department manager is notified.
  2. When an employee is transferred, the employee’s new department number is recorded in the CompanyOrg table, and the department manager is notified.
Both rules involve data changes plus a required notification. Stored procedures are a natural fit because they can validate inputs, perform the database updates, and ensure those steps execute as one business transaction.

How Stored Procedures Help Enforce Business Rules

Stored procedures enforce business rules by centralizing and standardizing the logic that defines an operation. In practical SQL Server systems, this typically provides five benefits:
  1. Centralized rule enforcement: you implement the rule once in the database and every caller executes the same logic. This reduces “rule drift” when multiple applications access the same data.
  2. Validation before data changes: procedures can check required conditions (for example, “department exists” or “employee is active”) before performing inserts or updates.
  3. Transactional consistency: when a business rule requires multiple statements, the procedure can wrap them in a transaction so that either all steps succeed or all steps are rolled back together.
  4. Controlled access: rather than granting users direct update rights to tables, you can grant EXECUTE permissions on procedures that implement approved operations.
  5. Reusable building blocks: procedures can call other procedures, allowing you to extract common tasks (for example, “notify manager”) and reuse them across multiple business processes.

The following series of images shows different ways to structure stored procedures to meet the business rules above.

Construct one stored procedure for new hires that inserts contact information into the Employee table and emails the department manager.
1) One approach is to create a stored procedure for new hires that inserts contact information into the Employees table and notifies the department manager.

Construct a second stored procedure that records a transferred employee’s new department number in the CompanyOrg table and emails the department manager.
2) You could then create a second stored procedure for transfers that updates the employee’s department number in CompanyOrg and notifies the department manager.
Both stored procedures share the same task of identifying the department manager and sending a notification.
3) Notice the duplication: both procedures must identify the department manager and send a notification.
A better solution is a third procedure that identifies and notifies an employee’s department manager based on employee ID.
4) A better design is to create a third stored procedure that identifies and notifies the department manager based on an employee ID.
The third procedure is called by the first two procedures, encapsulating the shared notification task and reducing duplication.
5) The “notify manager” procedure can be called by both the new-hire procedure and the transfer procedure, reducing duplicated code and keeping the business rule consistent.

Stored Procedures and Client-Server Architecture

Where your business rules are implemented depends on your application architecture. In practice, many systems combine database-level enforcement (constraints, triggers, procedures) with application-layer enforcement (service logic). The key is to keep the rules consistent across layers.

Classic client/server architectures are often described in tiers:
  1. Two-tier: a client application connects directly to SQL Server. In this model, stored procedures run on the database server and are a primary way to enforce rules close to the data.
  2. Three-tier: a middle tier (application server / API) contains significant business logic. Stored procedures may still enforce critical data integrity rules and transactional operations, while the middle tier orchestrates workflow and integrates external services.
  3. N-tier: multiple middle tiers exist (for example, API + services + messaging). Stored procedures typically focus on database-centric validation and transactional updates, while higher-level workflow and integration are handled outside the database.

Design guidance: keep business rules that protect data integrity and transactional correctness close to the database, and use procedures to provide stable, permission-controlled operations that callers can execute consistently. In the next lesson, you will practice creating stored procedures.

SEMrush Software 3 SEMrush Banner 3