UFN_PROXYUSER_CHECKCONSTITUENTSECURITYRIGHTS

            create function dbo.UFN_PROXYUSER_CHECKCONSTITUENTSECURITYRIGHTS(@APPUSERID uniqueidentifier, @SYSTEMROLEID uniqueidentifier, 
            @CONSTITUENTSECURITYMODECODE tinyint, @CONSTITUENTSECURITYGROUPS xml, @PROXYOWNERID uniqueidentifier)
            returns bit
            with execute as caller
            as begin

                    declare @HASREQUIREDCONSTITUENTSECURITYPERMISSION bit = 0;
                    declare @PROXYOWNERCONSTITUENTSECURITYMODE varchar(50) = null;
                    declare @CONSTITUENTSECURITYGROUPSID nvarchar(max) = null;
                    declare @CONSTITUENTSECURITYGROUPSCOUNT int = 0;

                    select @PROXYOWNERCONSTITUENTSECURITYMODE = CONSTITUENTSECURITYMODECODE from dbo.SYSTEMROLEAPPUSER 
                    where APPUSERID=@PROXYOWNERID and SYSTEMROLEID=@SYSTEMROLEID;

                    --CONSTITUENTSECURITYMODECODE = 0 = All Records

                    --CONSTITUENTSECURITYMODECODE = 1 = Records with no security group assigned

                    --CONSTITUENTSECURITYMODECODE = 2 = Records with one of these security groups


                    if @PROXYOWNERCONSTITUENTSECURITYMODE = 0 
                        begin
                            set @HASREQUIREDCONSTITUENTSECURITYPERMISSION = 1;
                        end
                    else if @CONSTITUENTSECURITYMODECODE = 1 and @PROXYOWNERCONSTITUENTSECURITYMODE = 1 
                        begin
                            set @HASREQUIREDCONSTITUENTSECURITYPERMISSION = 1;
                        end
                    else if ( @CONSTITUENTSECURITYMODECODE = 2 and @PROXYOWNERCONSTITUENTSECURITYMODE = 2)
                        begin
                            declare @CONSTITUENTSECURITYGROUPSTABLE table (CONSTITUENTSECURITYATTRIBUTEID uniqueidentifier)

                            insert into @CONSTITUENTSECURITYGROUPSTABLE
                            select t.x.value('CONSTITUENTSECURITYATTRIBUTEID[1]','uniqueidentifier') 
                            from @CONSTITUENTSECURITYGROUPS.nodes('/CONSTITUENTSECURITYGROUPS/ITEM') t(x)

                            select @CONSTITUENTSECURITYGROUPSCOUNT = count(1) from @CONSTITUENTSECURITYGROUPSTABLE

                            If ((select count(1) from   SYSTEMROLEAPPUSERCONSTITUENTSECURITY 
                                inner join dbo.SYSTEMROLEAPPUSER on SYSTEMROLEAPPUSER.ID = SYSTEMROLEAPPUSERCONSTITUENTSECURITY.SYSTEMROLEAPPUSERID
                                inner join @CONSTITUENTSECURITYGROUPSTABLE as CONSTITUENTSECURITYGROUPSTABLE 
                                on SYSTEMROLEAPPUSERCONSTITUENTSECURITY.CONSTITUENTSECURITYATTRIBUTEID = CONSTITUENTSECURITYGROUPSTABLE.CONSTITUENTSECURITYATTRIBUTEID
                                where SYSTEMROLEAPPUSER.APPUSERID=@PROXYOWNERID and SYSTEMROLEAPPUSER.SYSTEMROLEID=@SYSTEMROLEID)>=@CONSTITUENTSECURITYGROUPSCOUNT)
                                    begin
                                        set @HASREQUIREDCONSTITUENTSECURITYPERMISSION = 1;
                                    end
                        end

                return @HASREQUIREDCONSTITUENTSECURITYPERMISSION
            end