Row-Level Security
In the first part of this chapter, you learned about permissions on database objects, including objects with data, namely tables, views, and table-valued, user-defined functions. Sometimes you need to give permissions to end users in a more granular way. For example, you might need to give permissions to a specific user to read and update only a subset of columns in the table, and to see only a subset of rows in a table.
You can use programmable objects, such as stored procedures, to achieve these granular permission needs. You can use declarative permissions with DCL statements (GRANT
, REVOKE
, and DENY
) on the column level already available in previous versions of SQL Server. However, SQL Server 2016 and 2017 also offer declarative Row-Level Security, abbreviated to RLS. In this section, you will learn how to:
- Use programmable objects to maintain security
- Use SQL Server 2016 and 2017 RLS
Using programmable objects to maintain security
In Transact-SQL, you can write views...