SQL Server - Row Level Security

Data Security is a priority for all organizations.  While Oracle has had row-level security (aka Virtual Private Database) for many, many years Microsoft has just now added this important feature.

Row-Level Security (RLS) feature with SQL Server 2016 is a centralized security feature within the database and allows you to maintain a consistent data access policy and reduce the risk of accidental data leakage.  By “consistent data access policy” it means you define it one time, at the database level, and then all Reports, Queries, Stored Procedures, Functions, etc all get the benefit.

Below we see four different users all using the same Client App.  The Client App simply executes a "SELECT * FROM BLOGS".  However, a function on the SQL Server side will filter the records so each user only sees the rows/records they are allowed to see.  The beauty is the Client App needed zero modifications.  Additionally, any reports, stored procedures and queries the users run also do not need to be modified.

You no longer have to recreate row-level security in all your different apps, queries, and reports.  RLS works transparently and gives the ability to control both read and writes operations to specific rows of data.  It supports flexible access criteria meaning Fine-Grained Access Control on your database and could help support industry compliance policies.