Solved: Re: Row level security security issues

ElisaT · ‎09-30-2020

Hello everyone,
I have a problem that drives me creasy. I want to use RLS on my models but the cloud security team of the headquarter of my customer block me because they consider it insecure.
They don't provide me any evidence of insecureness.
Do any ones know potential security issues on RLS?
My customer has a Premium license.

Thanks for your time

v-diye-msft · ‎10-01-2020

Hi @ElisaT

Based on the elaboration of @Anonymous , Row-Level Security (RLS) simplifies the design and coding of security in your application. RLS helps you implement restrictions on data row access. and the access restriction logic is located in the database tier rather than away from the data in another application tier. The database system applies the access restrictions every time that data access is attempted from any tier. This makes your security system more reliable and robust by reducing the surface area of your security system.

Implement RLS by using the CREATE SECURITY POLICYTransact-SQL statement, and predicates created as inline table-valued functions.

Community Support Team _ Dina Ye
If this post helps, then please consider Accept it as the solution to help the other members find it more
quickly.

View solution in original post

v-diye-msft · ‎10-01-2020

Hi @ElisaT

Based on the elaboration of @Anonymous , Row-Level Security (RLS) simplifies the design and coding of security in your application. RLS helps you implement restrictions on data row access. and the access restriction logic is located in the database tier rather than away from the data in another application tier. The database system applies the access restrictions every time that data access is attempted from any tier. This makes your security system more reliable and robust by reducing the surface area of your security system.

Implement RLS by using the CREATE SECURITY POLICYTransact-SQL statement, and predicates created as inline table-valued functions.

Community Support Team _ Dina Ye
If this post helps, then please consider Accept it as the solution to help the other members find it more
quickly.

ElisaT · ‎10-02-2020

Thank you @v-diye-msft and @Anonymous

Anonymous · ‎09-30-2020

@ElisaT The issue is probably related to the fact that data security is dependent on the Reporting team and the model which takes the control of that access and puts it in another place. Depending on level of security of the data... they're either over reacting, or you have extremely tight controls on the data and only certain teams have the appropriate permission allow access to it.

I've never encountered issues with the security itself, its largely the configuration in the model that is most prone to error. That has to be set up the right way to ensure access is granted appropriately.

Ironically... is that team fully controlling all data access and shutting down Excel? For as much as certain teams love controlling things, I'm always astounded how up in arms they get about certain things while the entire business passes around Excel files of data in and out of the company with no monitoring.