Post reply

Introduction to Row Level Security in SQL 2016

  • July 13, 2016 at 9:50 pm

    #309047

    Comments posted to this topic are about the item Introduction to Row Level Security in SQL 2016

    _______________________________________________________________
    To get quick answer follow this link:
    http://www.sqlservercentral.com/articles/Best+Practices/61537/

  • July 14, 2016 at 5:56 am

    #1890059

    Is it just me, or does the RLS implementation by Microsoft seem too complex? Why not just set your RLS in a view like the ssis team did with the ssisdb in SQL 2012? It seems like it would be a lot easier to manage and way more transparent than a security policy and predicate that get buried in internal MS tables.

    Am I missing something here?

  • July 14, 2016 at 4:29 pm

    #1890212

    I think the "internal" version of the query in the article. was wrong. It was:

    SELECT * FROM dbo.Person

    WHERE User_Name() = 'User_CS'

    That would return all rows if executed by User_CS

    I think you meant:

    SELECT * FROM dbo.Person

    WHERE User_Access = 'User_CS'

    Or, maybe:

    SELECT * FROM dbo.Person

    WHERE User_Access = User_Name()

    which amounts to the same thing in this case.

  • July 15, 2016 at 2:48 am

    #1890244

    Maybe I'm missing something, but can you control access on a hierarchy basis?

    This looks to me like you either only see your dept's data or everything. I'm thinking about everyday applications where you might have a manager requiring access to more than a single team's data.

  • July 15, 2016 at 4:08 am

    #1890257

    Your access function could have logic built in to check hierarchies. The function can do a whole lot more than just compare user names.

  • July 15, 2016 at 4:20 am

    #1890263

    It would be good to see an example of this as I think this would be a more practical example.

  • July 17, 2016 at 2:30 am

    #1890480

    Not sure I understand how this works. When you are running these SELECT statements which login are you using (signed in as USER1, etc.). Is the security level ("SELECT * FROM dbo.Person

    WHERE User_Name() = 'User_CS'"), based on the fact that other users ("USER_CS", "USER_IT", "USER_EC") do not know the other user names? Does USER_CS Login as USER_CS; how are these USER_NAMES attached to User Login's (the USER_Names are created WITHOUT LOGIN).:unsure:http://www.sqlservercentral.com/Forums/Skins/Classic/Images/EmotIcons/Unsure.gif

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic. Login to reply

Cookies on SQLServerCentral

This website stores cookies on your computer.

These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media.

To find out more about the cookies we use, see our Privacy Policy