Uploaded byBoris Hristov
Securing SQL Azure DB? How?
The document outlines a presentation by Boris Hristov, an SQL Server MVP, on securing SQL Azure databases, highlighting features like dynamic data masking and row-level security. It emphasizes the capabilities to mask sensitive data and control user access to rows based on security policies. Additionally, it mentions upcoming events related to SQL Server, including SQL Saturday #384 in Varna.
Securing SQL Azure DB? How?
- 1. April 25 Boris Hristov,SQL Server MVP Securing SQL Azure DB?
- 2. Thanks to ourSponsors: Global Sponsor: Platinum Sponsors: Swag Sponsors: Media Partners: With the support of:
- 3. So who amI? @BorisHristov
- 4. That’s not amarketing talk! Disclaimer:
- 5. time coolness Session’s Timeline Dynamic DataMasking Row Level Security
- 6.
- 7.
- 8. SELECT * FROM dbo.Customers custidFirstNam e LastName PhoneNumber EmailAddress CreditcardNumber 1 Boris Hristov +359889000000 brshristov@live.com 1111-1111-1111-1111 2 Ivan Donev +359889000000 idonev@live.com 2222-2222-2222-2222 3 Stanislav Zhelyaskov +359889000000 szhelyaskov@live.com 3333-3333-3333-3333 4 Ivan Minchev +359889000000 iminchev@live.com 4444-4444-4444-4444
- 9. custid FirstNam e LastName PhoneNumbe r EmailAddressCreditcardNumber 1 Boris Hristov +359889000000 bxx@xxxx.com xxxx-xxxx-xxxx-1111 2 Ivan Donev +359889000000 ixxx@xxxx.com xxxx-xxxx-xxxx-2222 3 Stanislav Zhelyaskov +359889000000 sxx@xxxx.com xxxx-xxxx-xxxx-3333 4 Ivan Minchev +359889000000 ixx@live.com xxxx-xxxx-xxxx-4444 SELECT * FROM dbo.Customers
- 10.
- 11.
- 12.
- 13.
- 14. SELECT * FROMdbo.Orders orderid custid orderdate shipdate shipcountry 1 1 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria 2 1 4/20/2015 20:15:49 4/20/2015 20:15:49 Norway 3 2 4/20/2015 20:15:49 4/20/2015 20:15:49 Norway 4 2 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria 5 3 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria
- 15. SELECT * FROMdbo.Orders orderid custid orderdate shipdate shipcountry 1 1 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria 4 2 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria 5 3 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria
- 16.
- 17.
- 18. -- user definedfunction CREATE FUNCTION Security.fn_securitypredicate (@SalesRep AS sysname) RETURNS TABLE WITH SCHEMABINDING AS RETURN SELECT 1 AS fn_securitypredicate_result WHERE @SalesRep = USER_NAME() OR USER_NAME() = 'Manager'; -- security policy CREATE SECURITY POLICY SalesFilter ADD FILTER PREDICATE Security.fn_securitypredicate(SalesRep) ON dbo.Sales WITH (STATE = ON); No GUI, folks
- 19.
- 20.
- 21.
- 22. time coolness Session’s Timeline Dynamic DataMasking Row Level Security
- 23. DEMO Row Level SecurityIssues
- 24. So is thata security feature then?
- 25. Or is thata programmability feature?
- 26. Summary There’s a lotgoing on in SQL Azure DB Easily mask sensitive data with Dynamic Data Masking Limit the rows users can see with Row Level Security Be aware of the current issues of RLS
- 27. Upcoming events SQLSaturday #384on May 30th in Varna! http://www.sqlsaturday.com/384/
- 28.