Row-level security (RLS)
It is used to control access to rows.
RLS is made up of 3 elements:
1. Predicate function used to setup the logic of access control
2. Security predicate used to decide action of control (Filter or Block)
3. Security policy is a container for a set of security predicate.
Prepare for example
We also create a database and table for example
Predicate function
Microsoft recommend create a separate schema for predicate function.
Within predicate function is the logic of our access control.
In the following, we will create a predicatre function named “AccessPredicate”
it depend on the value of “Provider” column.
User can view,update the row which is provided by themself.
Create Security Policy
How to test the policy
We can use “EXECUTE AS USER = ‘<USER’s name>’ to test the policy
Since we need to test the policy as this order. (Boss > Manager > Slave)
We need to grant permission to Boss to mimic Manager and Manager to mimic Slave.
If not, we need to use separate sessions to test the policy.