SQL Server 2016 Security – Row Level Security with Normalized Schema

sql serversql-server-2016

SQL Server 2016 supports row level security, which is great. However all of the samples assume that the username is inside the table you wish to apply security to (see example below- from MSDN https://msdn.microsoft.com/en-us/library/dn765131.aspx).

CREATE FUNCTION Security.fn_securitypredicate(@SalesRep AS sysname)
RETURNS TABLE
WITH SCHEMABINDING
AS
    RETURN SELECT 1 AS fn_securitypredicate_result 
WHERE @SalesRep = USER_NAME() OR USER_NAME() = 'Manager';
GO

CREATE SECURITY POLICY SalesFilter
ADD FILTER PREDICATE Security.fn_securitypredicate(SalesRep) 
ON dbo.Sales
WITH (STATE = ON);

If I had a more normalised schema, my username would be in a separate table, using an ID as a foreign key. In this situation, how would I use row level security to check for a user name? Can I add a join to the filter predicate?

Best Answer

The function can have table access, just remember that this will add additional overhead to every single query.

CREATE FUNCTION Security.fn_securitypredicate(@SalesRepID INT)
RETURNS TABLE
WITH SCHEMABINDING
AS
    RETURN SELECT 1 AS fn_securitypredicate_result 
      FROM dbo.SalesReps AS sr
      WHERE sr.SalesRepID = @SalesRepID
       AND (sr.name = USER_NAME() OR sr.name = 'Manager');
GO

Related Solutions

Sql-server – PAD_INDEX and FILLFACTOR on clustered Identity index

PAD_INDEX only applies to non leave level pages. By default those are filled full.

So specifying PAD_INDEX=ON together with FILLFACTOR is only useful when you specify a fillfactor smaller then 100%.

In your case, specifying PAD_INDEX is not necessary, since by default your leave pages are how you want them. Full.

Sql-server – How to use HTTP Connection Manager in Script Component? (Not Script Task)

i know it's been a while since the question but i found a possible solution.

This link provides an explanation and examples of how to use the connections available in the connection manager enabled for the Script Component in the SSIS https://msdn.microsoft.com/en-us/library/ms136060.aspx

The portion of code that we are interested is this:

IDTSConnectionManager100 connMgr;
HttpClientConnection100 hcc;

IDTSComponentMetaData100 compMetadata = this.ComponentMetaData; //Just for output purposes.       

connMgr = this.Connections.MyWebServer;

hcc = (HttpClientConnection100)cm.AcquireConnection(null);
compMetadata.FireInformation(1, "Message: ", "URL: " + hcc.ServerURL + " User: " + hcc.ServerUserName + " Pwd: " + hcc.GetServerPassword(), "", 0, ref fail);

Best Answer

Related Solutions

Sql-server – PAD_INDEX and FILLFACTOR on clustered Identity index

Sql-server – How to use HTTP Connection Manager in Script Component? (Not Script Task)

Related Question