locked
Row level security RRS feed

  • Question

  • I have a question about the row level security. I want to give a row level permission using AD-groups. The problem is that I have at least hundreds of groups and the number might change tu more or less. 

    So if I want to use row level security with many AD-groups, it makes so much configuring.

    Any ideas what is the best way to give a row level permissions based on many AD-groups?

    Thursday, March 1, 2018 12:29 PM

Answers

  • Hi 2xTsei,

    >> Any ideas what is the best way to give a row level permissions based on many AD-groups?

    I have no environment as yours to test row level permissions, but I find RLS Samples about row level permission based on AD group (RLS-Hospital-Builtin-Demo.sql) for your reference, click to see if it helps.

    If you have any other questions, please let me know.

    Regards,

    Hannah

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, March 2, 2018 10:06 AM
  • Rather than giving row level permission you could use the filtered views and give permission on them.
    Friday, March 2, 2018 11:00 AM
  • Hi,

    You can implement it with the help of Predicate & functions, please check the link below

    Row Level Security


    Cheers,

    Amit Tomar

    ---------------------------------------------------

    Please mark this as answer if it solved your query

    Please vote this as helpful if it solved your query

    ---------------------------------------------------

    My Blog My Wiki Page

    Monday, March 5, 2018 5:49 AM

All replies

  • Hi 2xTsei,

    >> Any ideas what is the best way to give a row level permissions based on many AD-groups?

    I have no environment as yours to test row level permissions, but I find RLS Samples about row level permission based on AD group (RLS-Hospital-Builtin-Demo.sql) for your reference, click to see if it helps.

    If you have any other questions, please let me know.

    Regards,

    Hannah

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, March 2, 2018 10:06 AM
  • Rather than giving row level permission you could use the filtered views and give permission on them.
    Friday, March 2, 2018 11:00 AM
  • The question I have is what is your security predicate for the rows need to be. If you can formulate it, you probably can use row level security. A row level security predicate can access tables as well as system functions, so that is a way to build complex conditions. Can you share, at an abstract level, what your general security policy will be to segment data? Then we can see if it seems reasonable to do using the Row Level Security feature (or something very similar if you are using something before 2016, though I think not based on your question.)

    Louis

    Without good requirements, my advice is only guesses. Please don't hold it against me if my answer answers my interpretation of your questions.

    Saturday, March 3, 2018 1:46 AM
  • Hi,

    You can implement it with the help of Predicate & functions, please check the link below

    Row Level Security


    Cheers,

    Amit Tomar

    ---------------------------------------------------

    Please mark this as answer if it solved your query

    Please vote this as helpful if it solved your query

    ---------------------------------------------------

    My Blog My Wiki Page

    Monday, March 5, 2018 5:49 AM