Enterprise RLS in SQL Server in Power BI

Slides:



Advertisements
Similar presentations
SQL Server Accelerator for Business Intelligence (SSABI)
Advertisements

Technical BI Project Lifecycle
Introduction to Databases
Chapter 4: Database Management. Databases Before the Use of Computers Data kept in books, ledgers, card files, folders, and file cabinets Long response.
ORACLE DATABASE SECURITY
DYNAMICS CRM AS AN xRM DEVELOPMENT PLATFORM Jim Novak Solution Architect Celedon Partners, LLC
1 Intro to Info Tech Database Management Systems Copyright 2003 by Janson Industries This presentation can be viewed on line at:
DBA Developer. Responsibilities  Designing Relational databases  Developing interface layer Environment Microsoft SQL Server,.NET SQL Layer: Stored.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 6 Virtual Private Databases.
CSIS 4310 – Advanced Databases Virtual Private Databases.
“INTRODUCTION TO DATABASE AND SQL”. Outlines 2  Introduction To Database  Database Concepts  Database Properties  What is Database Management System.
Database Management System (DBMS) an Introduction DeSiaMore 1.
Robin Mullinix Systems Analyst GeorgiaFIRST Financials PeopleSoft Query: The Next Step.
Course FAQ’s I do not have any knowledge on SQL concepts or Database Testing. Will this course helps me to get through all the concepts? What kind of.
ADAPTING YOUR ETL SOLUTION TO USE SSIS 2012 Presentation by Devin Knight
Master Data Management & Microsoft Master Data Services Presented By: Jeff Prom Data Architect MCTS - Business Intelligence (2008), Admin (2008), Developer.
1 MS Access. 2 Database – collection of related data Relational Database Management System (RDBMS) – software that uses related data stored in different.
How to train your users to create their own BI reports? So that you (IT) don’t have to Paras Doshi Consultant, SolidQ Chapter co-leader, PASS Business.
© 2012 Saturn Infotech. All Rights Reserved. Oracle Hyperion Data Relationship Management Presented by: Prasad Bhavsar Saturn Infotech, Inc.
Chapter 6 Virtual Private Databases
McGraw-Hill/Irwin © 2008 The McGraw-Hill Companies, All Rights Reserved Chapter 7 Storing Organizational Information - Databases.
Migrating Data to SQL Azure Arunraj Chandrasekaran Twitter June 21, 2011.
Overview of Security Investments in SQL Server 2016 and Azure SQL Database Jamey Johnston 1/15/2016Security Investments in SQL Server 2016 and Azure SQL.
SQL Server 2016 Security Features Marek Chmel Microsoft MVP: Data Platform Microsoft MCT: Regional Lead MCSE: Data Platform Certified Ethical Hacker.
Mastering Master Data Services Presented By: Jeff Prom BI Data Architect Bridgepoint Education MCTS - Business Intelligence, Admin, Developer.
Introduction to R and Data Science Tools in the Microsoft Stack Jamey Johnston.
Review DirectQuery in SSAS 2016, best practices and use cases
Introduction to R and Data Science Tools in the Microsoft Stack
Databases and DBMSs Todd S. Bacastow January
Introduction to R and Data Science Tools in the Microsoft Stack
Why are you still taking backups?
“Introduction To Database and SQL”
What’s new in SQL Server 2017 for BI?
Enterprise Row Level Security: SQL Server 2016 and Azure SQL DB
Querying Hierarchical Data
Overview of Security Investments
6/12/2018 2:19 PM BRK3245 DirectQuery in Analysis Services: best practices, performance, and use cases Marco Russo SQLBI © Microsoft Corporation. All rights.
Intro to R & MS Data Science Tools
What’s New in SQL Server 2016 Master Data Services
A time travel with temporal tables
T-SQL: Simple Changes That Go a Long Way
T-SQL: Simple Changes That Go a Long Way
Data Virtualization Demoette… Column-Based Security
Applying Data Warehouse Techniques
Swagatika Sarangi (Jazz), MDM Expert
Principles of report writing
“Introduction To Database and SQL”
SharePoint Essentials Toolkit
MANAGING DATA RESOURCES
Chapter 8 Working with Databases and MySQL
Overview of Security Investments
Database.
Implementing Row Level Security in SQL Server
Enhance BI Applications and Simplify Development
Security Enhancements in SQL Server 2016
TechEd /24/2018 6:19 AM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered.
Cloud Platform Lowers Implementation Barriers, Offers Security for Mobile Scheduling Solution MINI-CASE STUDY “We wanted to focus on providing an optimal.
Applying Data Warehouse Techniques
Row Level Security in SQL Azure and in On Premise
Implementing Row Level Security (RLS)
Cloud Data Replication with SQL Data Sync
Applying Data Warehouse Techniques
From MDS to SSRS - a short walkthrough
SQL Server 2016 Security Features
Applying Data Warehouse Techniques
Chapter 3 Database Management
Applying Data Warehouse Techniques
T-SQL: Simple Changes That Go a Long Way
Navigating SSMS Primer for Beginners
Presentation transcript:

Enterprise RLS in SQL Server in Power BI Jamey Johnston June 2018 Enterprise Row Level Security in SQL Server in Power BI

Agenda Who am I? Row-level Security in MS SQL Server Row-level Security in Power BI Questions June 2018 Enterprise Row Level Security in SQL Server in Power BI

Jamey Johnston Data Scientist/Engineer for an O&G Company 25 years DBA Experience TAMU MS in Analytics http://analytics.stat.tamu.edu Semi-Pro Photographer http://jamey.photograhy @STATCowboy http://STATCowboy.com Download Code Here! June 2018 Enterprise Row Level Security in SQL Server in Power BI

Row Level Security RLS allows for controlled access to rows in tables based on attributes of the user executing the query 2 Methods or RLS in SQL Server: Filter Based (2005+) SQL Server Security Label Toolkit http://sqlserverlst.codeplex.com/ Use views on tables with “labels” to limit access Problem is you have to change the application code and add views (i.e. upgrades are a pain, unsupported applications) Predicate Based (2016+ and Azure) Uses functions and policies to apply predicates to the SQL No application code changes and base database schema left intact (i.e. upgrades not impacted very much by RLS) June 2018 Enterprise Row Level Security in SQL Server in Power BI

Row Level Security: Basic Steps Define Table(s) for RLS Create a new Schema, RLS, for Security Objects Create Table Value Function to define “how” to enforce security on Table Create a Security Policy on the table using the TVF June 2018 Enterprise Row Level Security in SQL Server in Power BI

Table Value Functions User defined function that returns a data table Powerful alternative to View Expand beyond SELECT and use more powerful T-SQL RLS uses them to return a 1 for row matches CREATE FUNCTION RLS.fn_RLSpredicate(@Region AS sysname) RETURNS TABLE WITH SCHEMABINDING AS RETURN SELECT 1 AS fn_RLSpredicate_result WHERE USER_NAME() = 'VP_US' or @Region = USER_NAME(); GO June 2018 Enterprise Row Level Security in SQL Server in Power BI

Security Policy Policy that is created to apply the Security Predicate CREATE SECURITY POLICY Well_HeaderFilter ADD FILTER PREDICATE RLS.fn_RLSpredicate(Region) ON dbo.Well_Header ADD BLOCK PREDICATE RLS.fn_RLSpredicate(Region) ON dbo.Well_Header AFTER INSERT GO June 2018 Enterprise Row Level Security in SQL Server in Power BI

Recursive Queries with CTE Use them to query tables with Hierarchical Data https://technet.microsoft.com/en-us/library/ms186243(v=sql.105).aspx June 2018 Enterprise Row Level Security in SQL Server in Power BI

Why Predicate Based RLS for Business? No application code changes and Base database schema left Intact (i.e. upgrades not impacted very much by RLS) With ISV applications it is not advisable to change the Schema Increased ventures with Internal Partners require row-level granular access to the applications RLS allows for the row-level security and eliminates the need for federated/”broken-out” databases/applications June 2018 Enterprise Row Level Security in SQL Server in Power BI

Demos Simple RLS Demo Advanced RLS Demo with Hierarchies June 2018 Enterprise Row Level Security in SQL Server in Power BI

RLS with Parent/Child Hierarchies Demo will show how an organizational hierarchy and asset hierarchy can be leveraged together to provide RLS on tables using the new predicate based RLS feature in SQL Server 2016 and Azure Important Concepts: Organization Unit Represents a position in the company (not employee) Security is assigned to the Organization Unit and propagated to the User ID Hierarchy Based Security Allows for inheritance of permissions via the Organization and Asset Hierarchy Do NOT need to assign security to every node in the hierarchy. Child nodes can inherit from Parent Nodes Parent/Child Hierarchy Employee ID / Manager ID - Unary Relationship June 2018 Enterprise Row Level Security in SQL Server in Power BI

Asset Hierarchy Snapshot of the Asset Hierarchy June 2018 Enterprise Row Level Security in SQL Server in Power BI

Organizational Hierarchy Snapshot of the Org Hierarchy June 2018 Enterprise Row Level Security in SQL Server in Power BI

Security Record for Every Employee is NOT Required! Hierarchies and RLS insert into [SEC_ASSET_MAP] values (100001, 'ALL', 'ALL'); Inherits from CEO Inherits from SVP who Inherits from CEO insert into [SEC_ASSET_MAP] values (100010, 'REGION', 'NORTHERN US'); insert into [SEC_ASSET_MAP] values (100028, 'ASSET_GROUP', 'PRB'); Inherits from Manger Security Record for Every Employee is NOT Required! June 2018 Enterprise Row Level Security in SQL Server in Power BI

RLS with HierarchyID Datatype Demonstrates how the HierarchyID Datatype can be used for RLS SEC_ORG_USER_BASE_HID Same as SEC_ORG_USER_BASE but includes HierarchyID column to demonstrate RLS with HierarchyID data types https://msdn.microsoft.com/en-us/library/bb677290.aspx June 2018 Enterprise Row Level Security in SQL Server in Power BI

Parent/Child vs HierarchyID Data Type Most familiar and most likely to be supported by ISV Easier to implement security across multiple hierarchies (Org and Asset) More flexible to support access across multiple node levels (i.e. User has access to multiple nodes in the Hierarchy) HierarchyID Datatype Does not work easily across multiple hierarchies and with multiple node level access Very fast when working with one hierarchy Still researching as it is fast and would like to use! June 2018 Enterprise Row Level Security in SQL Server in Power BI

Demo ERD June 2018 Enterprise Row Level Security in SQL Server in Power BI

Row-level Security: Learn More Books Online https://msdn.microsoft.com/en-us/library/dn765131.aspx SQL Security Blog (keyword RLS) http://blogs.msdn.com/b/sqlsecurity/archive/tags/rls/ Channel 9 Videos https://channel9.msdn.com/Shows/Data-Exposed/Row-Level-Security-Updates https:// channel9.msdn.com/Shows/Data-Exposed/Row-Level-Security-in-Azure-SQL-Database https://channel9.msdn.com/Shows/Data-Exposed/SQL-Server-2016-Row-Level-Security Code Samples https://rlssamples.codeplex.com/ June 2018 Enterprise Row Level Security in SQL Server in Power BI

Questions? Thank you for attending! @STATCowboy http://STATCowboy.com Download Demos SQL Server Security Blog http://blogs.msdn.com/b/sqlsecurity June 2018 Enterprise Row Level Security in SQL Server in Power BI

June 2018 Enterprise Row Level Security in SQL Server in Power BI

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.