SQL 2016 is right around the corner and one of the new security enhancements promised is Row-Level security for tables. It’s a great new feature and pretty easy to implement. I have created a simple demo that gives various users access to data based on specific clearance level to the data. Feel free to modify the code and play around with it how to see fit. There are many different ways to setup Row-Level security and this is just one scenario. One of the things you’ll notice if you go through the scripts below is that the dbo user does not have access to the data after the the security policy is applied. This is key for many environments where customers do not want administrators to have access to sensitive data. Of course anyone with good coding skills and the proper permissions could circumvent that, but that’s why we put auditing measures in place :)
I’ve broken up the code into three sections. The first is for setting up the database and permissions. The second section creates the tables in the database and puts test data in them. The third section is for the creation of the function and security policy which enables Row-Level Security. After creating the function and security policy, go back to the second section and re-run the select statements to see the security policy in action. This demo was created on SQL 2016 CTP 2.2. If you are interested in learning more about Row-Level Security and to see some other demos please refer to this webinar from PASS.