Row Level Security Comes to Microsoft's Cloud SQL Database
Microsoft announced that its SQL Database now supports row level security (RLS).
RLS lets administrators provide row-level access to data based on a user's identity or role.
The company released the RLS feature in its Azure SQL Database last week. RLS will appeal to organizations looking to restrict access to financial data based on an employee's region and role, ensure specific tenants of a multitenant app can only access their own rows of data, and allow analysts to query various subsets based on their position, according to Tommy Mullaney, Microsoft's program manager for SQL Database.
"RLS enables you to store data for many users in a single database and table, while at the same time restricting row-level access based on a user's identity, role, or execution context," Mullaney said in a blog post. "RLS centralizes access logic within the database itself, which simplifies and reduces the risk of error in your application code."
In his post, Mullaney shared how Grant Dickinson, an architect at SharePoint workflow vendor K2, was able to ensure his team was enforcing security and policies across all database vectors. Before implementing RLS, his team had to use query predicates, but that mode of enforcing security was "onerous and prone to bugs," according to Dickinson.
"Furthermore, the data access layer and business logic are able to evolve independently from the RLS policy logic; this separation of concerns improves code quality," he said. "The developers could use a policy language they were familiar with -- T-SQL -- and as such we were productive on RLS from day one."
Mullaney said Microsoft plans to add new RLS capabilities through its iterative development and deployment process.
Jeffrey Schwartz is editor of Redmond magazine and also covers cloud computing for Virtualization Review's Cloud Report. In addition, he writes the Channeling the Cloud column for Redmond Channel Partner.