July 13, 2016 at 9:50 pm
Comments posted to this topic are about the item Introduction to Row Level Security in SQL 2016
_______________________________________________________________
To get quick answer follow this link:
http://www.sqlservercentral.com/articles/Best+Practices/61537/
July 14, 2016 at 5:56 am
Is it just me, or does the RLS implementation by Microsoft seem too complex? Why not just set your RLS in a view like the ssis team did with the ssisdb in SQL 2012? It seems like it would be a lot easier to manage and way more transparent than a security policy and predicate that get buried in internal MS tables.
Am I missing something here?
July 14, 2016 at 4:29 pm
I think the "internal" version of the query in the article. was wrong. It was:
SELECT * FROM dbo.Person
WHERE User_Name() = 'User_CS'
That would return all rows if executed by User_CS
I think you meant:
SELECT * FROM dbo.Person
WHERE User_Access = 'User_CS'
Or, maybe:
SELECT * FROM dbo.Person
WHERE User_Access = User_Name()
which amounts to the same thing in this case.
July 15, 2016 at 2:48 am
Maybe I'm missing something, but can you control access on a hierarchy basis?
This looks to me like you either only see your dept's data or everything. I'm thinking about everyday applications where you might have a manager requiring access to more than a single team's data.
July 15, 2016 at 4:08 am
Your access function could have logic built in to check hierarchies. The function can do a whole lot more than just compare user names.
July 15, 2016 at 4:20 am
It would be good to see an example of this as I think this would be a more practical example.
July 17, 2016 at 2:30 am
Not sure I understand how this works. When you are running these SELECT statements which login are you using (signed in as USER1, etc.). Is the security level ("SELECT * FROM dbo.Person
WHERE User_Name() = 'User_CS'"), based on the fact that other users ("USER_CS", "USER_IT", "USER_EC") do not know the other user names? Does USER_CS Login as USER_CS; how are these USER_NAMES attached to User Login's (the USER_Names are created WITHOUT LOGIN).:unsure:http://www.sqlservercentral.com/Forums/Skins/Classic/Images/EmotIcons/Unsure.gif
Viewing 7 posts - 1 through 7 (of 7 total)
You must be logged in to reply to this topic. Login to reply
This website stores cookies on your computer.
These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media.
To find out more about the cookies we use, see our Privacy Policy