Querying delimited column value in SQL Server

Question

I'm wondering why is this code not returning any result

   SELECT A.PermissionGroupID, A.ApplicationID, CONVERT(nvarchar(5),A.PermissionID) AS Permission, A.PermissionName, B.PermissionGroupName, C.ApplicationName 
     FROM Permission AS A 
     JOIN PermissionGroup AS B ON A.PermissionGroupID = B.PermissionGroupID 
LEFT JOIN Application AS C ON A.ApplicationID = C.ApplicationID 
    WHERE (A.Active = 1) 
      AND (CONVERT(nvarchar(2),A.PermissionID) IN (SELECT Permissions 
                                                   FROM UserPermissions 
                                                   WHERE UserID = 1))

But this one is working

   SELECT A.PermissionGroupID, A.ApplicationID, CONVERT(nvarchar(5),A.PermissionID) AS Permission, A.PermissionName, B.PermissionGroupName, C.ApplicationName 
     FROM Permission AS A 
     JOIN PermissionGroup AS B ON A.PermissionGroupID = B.PermissionGroupID 
LEFT JOIN Application AS C ON A.ApplicationID = C.ApplicationID 
    WHERE (A.Active = 1) 
      AND (CONVERT(nvarchar(2), A.PermissionID) IN ('5','6','7','8'))

Here's the content of my Permission table

    Permission
--------------------------------
Permission   Permission    Application    Permission
ID           Group         ID             Name
4         1              1            VISA_APPLICATION_DELETE
5         1              1            VISA_APPLICATION_PRINT
6         4              10           APPLICATION_ADD   
7         4              10           APPLICATION_EDIT
8         4              10           APPLICATION_DELETE
9         4              10           APPLICATION_VIEW

Here's the content of my UserPermissions Table

UserPermissions
--------------------------
UserPermission      UserID    Permissions
ID
2           1         5,6,7,8   -> I tried to change it manually to this format ('5','6','7','8') but to no avail.

Answer 1

Why do I suspect that permissions looks like a string "5, 6, 7, 8". I would expect the query to be "where PermisionId in (Select PermissionId from . . . )", rather than (select Permissions).

Assuming this is the case, the following version of the query should fix your problem:

SELECT A.PermissionGroupID, A.ApplicationID, CONVERT(nvarchar(5),A.PermissionID) AS Permission,
       A.PermissionName, B.PermissionGroupName, C.ApplicationName
FROM Permission A JOIN
     PermissionGroup B
     ON A.PermissionGroupID = B.PermissionGroupID LEFT JOIN
     Application AS C
     ON A.ApplicationID = C.ApplicationID cross JOIN
     (SELECT Permissions
      FROM UserPermissions
      WHERE UserID = 1
     ) p1
WHERE (A.Active = 1) AND
      charindex(','+CONVERT(nvarchar(2)+',', A.PermissionID)+',', ','+p1.Permissions+',') > 0

Note I prepend and append the comma so "1" does not match "15". Also, this assumes that there is only one row in UserPermissions per user.

By the way, you should fix your schema so UserPermissions has a separate row for each user and permission, so your original formulation would work.

Answer 2

From comments I see that you worry about performance. Performance issues are due to the fact that you store a comma separated string of values where you should have one row for each value.
Change table UserPermissions to something like this.

create table UserPermissions
(
  UserID int references Users(UserID),
  PermissionID int references Permission(PremissionID),
  primary key (UserID, PermissionID)
)

And your query should be...

SELECT A.PermissionGroupID,
       A.ApplicationID, 
       A.PermissionID,
       A.PermissionName,
       B.PermissionGroupName,
       C.ApplicationName 
FROM Permission AS A 
  JOIN PermissionGroup AS B 
    ON A.PermissionGroupID = B.PermissionGroupID 
  LEFT JOIN Application AS C 
    ON A.ApplicationID = C.ApplicationID 
WHERE A.Active = 1 AND 
      A.PermissionID IN (SELECT PermissionID 
                         FROM UserPermissions 
                         WHERE UserID = 1)