Presentation is loading. Please wait.

Presentation is loading. Please wait.

Implementing Row Level Security (RLS)

Published byDiane Washington Modified over 5 years ago

Similar presentations

Presentation on theme: "Implementing Row Level Security (RLS)"— Presentation transcript:

1 Implementing Row Level Security (RLS)
Christian Araujo Implementing Row Level Security (RLS)

2 Agradecimiento a los patrocinadores
Gold Silver Geek

3 About Me MCSE Data management & Analytics MCSA Database Administration SQL 2016 Manager Database Architecture & Compliance (Conduent)

4 Agenda Overview Use Cases How it works Syntax Demo Best Practices
Questions

5 Row Level Security (RLS)
Released with SQL Server 2016 First released with Azure and then introduced with the On-premises version. Row-Level Security enables customers to control access to rows in a database table based on the characteristics of the user executing a query (e.g., group membership or execution context). Uses security predicates Filter predicates silently filter the rows available to read operations (SELECT, UPDATE, and DELETE). Block predicates explicitly block write operations (AFTER INSERT, AFTER UPDATE, BEFORE UPDATE, BEFORE DELETE) that violate the predicate.

6 Row Level Security (RLS)
Use cases Hospital (HIPAA) Banks (PCI-DSS) Multi-tenant application Security repositories (PCI-DSS) BI Solutions (Power BI) Permissions Creating, altering, or dropping security policies requires the ALTER ANY SECURITY POLICY permission. Creating or dropping a security policy requires ALTER permission on the schema.

7 How RLS works?

8 Syntax CREATE FUNCTION AS sysname) RETURNS TABLE WITH SCHEMABINDING AS RETURN SELECT 1 AS fn_securitypredicate_result = USER_NAME() OR USER_NAME() = 'Manager’;

9 Syntax CREATE SECURITY POLICY SalesFilter ADD FILTER PREDICATE Security.fn_securitypredicate(SalesRep) ON dbo.Sales WITH (STATE = ON);

10 DEMO

11 RLS Best Practices Creating, altering, or dropping security policies requires the ALTER ANY SECURITY POLICY permission. Creating or dropping a security policy requires ALTER permission on the schema. Avoid type conversions in predicate functions to avoid potential runtime errors. Avoid recursion in predicate functions wherever possible to avoid performance degradation. The query optimizer will try to detect direct recursions, but is not guaranteed to find indirect recursions (i.e., where a second function calls the predicate function). Avoid using excessive table joins in predicate functions to maximize performance. Predicate functions should not implicitly convert character strings to date, smalldatetime, datetime, datetime2, or datetimeoffset, or vice versa, because these conversions are affected by the SET DATEFORMAT (Transact-SQL) and SET LANGUAGE (Transact-SQL) options. Instead, use the CONVERT function and explicitly specify the style parameter.

12 Questions

13 Examples

Download ppt "Implementing Row Level Security (RLS)"

Similar presentations

Basic SQL Introduction Presented by: Madhuri Bhogadi.

Basic SQL Introduction Presented by: Madhuri Bhogadi.
Prligence Empowering Intelligence All About Fine Grained Access Control by Arup Nanda.

Prligence Empowering Intelligence All About Fine Grained Access Control by Arup Nanda.
SQL Forms Engine Koifman Eran Egri Ozi Supervisor: Ilana David.

SQL Forms Engine Koifman Eran Egri Ozi Supervisor: Ilana David.
Agenda Journalling More Embedded SQL. Journalling.

Agenda Journalling More Embedded SQL. Journalling.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition © 2006 Pearson Prentice Hall 7-1 David M. Kroenke’s Chapter Seven: SQL for Database Construction and.

DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition © 2006 Pearson Prentice Hall 7-1 David M. Kroenke’s Chapter Seven: SQL for Database Construction and.
Introduction to Databases Chapter 6: Understanding the SQL Language.

Introduction to Databases Chapter 6: Understanding the SQL Language.
Functions Lesson 10. Skills Matrix Function A function is a piece of code or routine that accepts parameters and stored as an object in SQL Server. The.

Functions Lesson 10. Skills Matrix Function A function is a piece of code or routine that accepts parameters and stored as an object in SQL Server. The.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 6 Virtual Private Databases.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 6 Virtual Private Databases.
CSIS 4310 – Advanced Databases Virtual Private Databases.

CSIS 4310 – Advanced Databases Virtual Private Databases.
+ Administering Microsoft SQL Server 2012 Databases Implementing a Data Warehouse with Microsoft SQL Server 2012 + = Querying Microsoft SQL.

+ Administering Microsoft SQL Server 2012 Databases Implementing a Data Warehouse with Microsoft SQL Server = Querying Microsoft SQL.
Chapter 7 Advanced SQL Database Systems: Design, Implementation, and Management, Sixth Edition, Rob and Coronel.

Chapter 7 Advanced SQL Database Systems: Design, Implementation, and Management, Sixth Edition, Rob and Coronel.
Course Topics Administering SQL Server 2012 Jump Start 01 | Install and Configure SQL Server04 | Manage Data 02 | Maintain Instances and Databases05 |

Course Topics Administering SQL Server 2012 Jump Start 01 | Install and Configure SQL Server04 | Manage Data 02 | Maintain Instances and Databases05 |
TSQL Improvements & Data Types SQL Server 2008 TSQL Improvements & Data Types Presented by Tarek Ghazali IT Technical Specialist Microsoft SQL Server MVP,

TSQL Improvements & Data Types SQL Server 2008 TSQL Improvements & Data Types Presented by Tarek Ghazali IT Technical Specialist Microsoft SQL Server MVP,
Graeme Malcolm | Senior Content Developer, Microsoft Geoff Allix | Principal Technologist, Content Master.

Graeme Malcolm | Senior Content Developer, Microsoft Geoff Allix | Principal Technologist, Content Master.
Module 11: Programming Across Multiple Servers. Overview Introducing Distributed Queries Setting Up a Linked Server Environment Working with Linked Servers.

Module 11: Programming Across Multiple Servers. Overview Introducing Distributed Queries Setting Up a Linked Server Environment Working with Linked Servers.
5/24/01 Leveraging SQL Server 2000 in ColdFusion Applications December 9, 2003 Chris Lomvardias SRA International

5/24/01 Leveraging SQL Server 2000 in ColdFusion Applications December 9, 2003 Chris Lomvardias SRA International
Triggers A Quick Reference and Summary BIT 275. Triggers SQL code permits you to access only one table for an INSERT, UPDATE, or DELETE statement. The.

Triggers A Quick Reference and Summary BIT 275. Triggers SQL code permits you to access only one table for an INSERT, UPDATE, or DELETE statement. The.
SQL SQL Server : Overview SQL : Overview Types of SQL Database : Creation Tables : Creation & Manipulation Data : Creation & Manipulation Data : Retrieving.

SQL SQL Server : Overview SQL : Overview Types of SQL Database : Creation Tables : Creation & Manipulation Data : Creation & Manipulation Data : Retrieving.
Copyright © 2013 Curt Hill Database Security An Overview with some SQL.

Copyright © 2013 Curt Hill Database Security An Overview with some SQL.
FEN 2014-02-061  Data Definition: CREATE TABLE, ALTER TABLE  Data Manipulation: INSERT, UPDATE, DELETE  Queries: SELECT SQL: Structured Query Language.

FEN  Data Definition: CREATE TABLE, ALTER TABLE  Data Manipulation: INSERT, UPDATE, DELETE  Queries: SELECT SQL: Structured Query Language.

Similar presentations

Ads by Google