Questions tagged [row-level-security]

Row-Level Security enables you to use group membership or execution context to control access to rows in a database table.

This tag covers database rules that prevent credentials from accessing some data in some rows while also allowing access to data in other rows of the same table object.

Application logic determining which sessions can access what data is not applicable to this tag.

Row-level security is currently unsupported natively in MariaDB.

55 questions
17 votes, 1 answer

Undesirable Nest Loop vs. Hash Join in PostgreSQL 9.6

I have trouble with PostgreSQL 9.6 query planning. My query looks like this: SET role plain_user; SELECT properties.* FROM properties JOIN entries_properties ON properties.id = entries_properties.property_id JOIN structures ON structures.id =…
12 votes, 1 answer

SQL Server Row by Row Access

I have a table structured as so (simplified): Name, EMail, LastLoggedInAt. I have a user in SQL Server (RemoteUser) that should only be able to see data (via a select query) where the LastLoggedInAt field is not null. It looks like I can do this? Is…
LiamB
8 votes, 1 answer

Webapp & MySQL: Row Level Security

I am trying to emulate row level security on a webapp I am developing using MySQL. Using this method: Creating a database with the required tables where the data pertaining to all the users will be stored with proper indexing of columns of the…
6 votes, 2 answers

IS_MEMBER() in Azure SQLDB not working for AD groups?

I am trying to set up RLS and want to leverage AD groups. DB is created in Azure, and I know AD is working as I can connect using an AD account with SSMS. First test: local machine, is working as expected (img 1). Now try Azure. The IS_MEMBER() appears to…
Mark West
6 votes, 0 answers

Roles and policies in Postgresql 9.5 row-level security

Following the info in posts like these I would like to use the role system and policies, i.e. each user in my system would have a db role. I want to model the following properties but I can't come up with a role hierarchy. Consider the following…
5 votes, 1 answer

Row Level security or Multiple Tables

I'm looking for documentation on best practices for the following scenario. A hosted application contains some "global" data and some "Per-tenant" data. A "Tenant" should have no access to another tenant's tables, and I'd like this to be enforced at…
Johan
5 votes, 2 answers

Postgres Row Level Security policy optimizes poorly compared to inline version

I have a query which looks like this: SELECT post.id, post.author_id, post.published_at, post.content FROM post WHERE post.group_id = 1 ORDER BY post.published_at DESC, post.id LIMIT 5; This query has an index on (group_id, published_at…
5 votes, 2 answers

Row level security with a single DB user and connection pooling

I'm using node-postgres to connect to a PostgreSQL 9.6 database with connection pooling enabled. All connections use the same database user. One reason I can't use multiple DB users is that as far as I read, row level security and views don't work…
Mad Scientist
4 votes, 1 answer

Row level security and physical user creation is it an overhead

The database that I am currently working on has RLS implemented as suggested in Microsoft blogs and a few user blogs. Example: creating a physical user and EXEC AS USER and selecting from tables for the user selected and REVERT CREATE USER User1…
Aparna
4 votes, 1 answer

Pros and cons of row level security Microsoft SQL Server

What are the pros and cons of row level security? We are porting a database from a desktop app to a web app and want to know the best way to make sure sensitive data is secured. For our application there will be a limited number of users logging…
Thor Russell
4 votes, 0 answers

Postgresql row-level security generates different query plan from manually inserted WHERE clause

(Copied from my post to the postgresql mailing list https://www.postgresql.org/message-id/CADBa3wZpuYXwdry2g68NxYmAXOPvx0DLvdAU4kdo2GoPtxKu+Q@mail.gmail.com. Unfortunately I need at least 10 reputation to post more than 2 links so please refer to…
3 votes, 2 answers

Non parallel plan only in Azure when SESSION_CONTEXT is used

I'm observing strange difference between query plans that I'm getting on my local machine and on Azure SQL. I'm trying to implement row level security, where I read user identifier from SESSION_CONTEXT and then in TVF I check whether the user has…
3 votes, 1 answer

ERROR: row is too big: size XXX, maximum size 8160 - related to pg_policies table

When trying to CREATE POLICY there is the following error: ERROR: row is too big: size XXX, maximum size 8160 Is there a size limitation on the pg_policies table? Can that be enlarged or maybe it was bad practice to write so many conditions with…
noam steiner
3 votes, 2 answers

SQLServer Row level security - Enforce from within database

Have a multi-tenant app running on a single SQL Server 2016 db. I have an RLS (row level security) predicate on customer_id (unique for each tenant) and the column exists in all tables. CREATE FUNCTION dbo.[RLSPredicate] (@CustomerId…
Amam
3 votes, 1 answer

How to do Row Level Security in SSRS 2008 R2 (or 2012) with Active Directory Groups?

I would like to create a single report that filters data based on what Active Directory group the user is in. Through various searches I see that Row Level Security is possible in SSRS in the Report Model. However, I can't seem to find any…
Matt Penner