Making Row Level Security and Dynamic Data Masking work for you.

The One Platform for Physical, Virtual, and Cloud Performance. SentryOne™ empowers Microsoft data professionals to monitor, diagnose, and optimize performance across physical, virtual, and cloud resources. The SentryOne platform delivers seamless integration for all of our solutions, enabling users to determine the true cause of performance issues, and reduce consumption and infrastructure costs. http://SentryOne.com/BookADemo

The One Platform for Physical, Virtual, and Cloud Performance. Free Resources The One Platform for Physical, Virtual, and Cloud Performance. Free e-books In these books, you will find useful, hand-picked articles that will help give insight into some of your most vexing performance problems. These articles were written by several of the SQL Server industry's leading experts, including Aaron Bertrand, Paul White, Paul Randal, Jonathan Kehayias, Erin Stellato, Glenn Berry, and Joe Sack. http://www.sentryone.com/sql-server-books/ Websites SQLPerformance.com provides innovative and practical solutions for improving SQL Server performance. Answers.SQLPerformance.com is a question and answers site where you can upload query plans directly from Plan Explorer and have questions answered from execution plan analysis expert Paul White, among others. SQLSentry.TV offers an inside look into the world of SentryOne with videos on query tuning and product demos. Blogs.SentryOne.com is where you can find all of our team members’ blogs as well as important information about the latest updates to SentryOne software, SQL Server and server performance issues.

Your Presenter John Q. Martin Product Manager for SentryOne Microsoft Data Platform MVP Over a decade of experience with SQL Server as a Dev, DBA and BI Dev. Most recently working as a Premier Field Engineer with Microsoft UK. Contact Info Twitter : @SQLDiplomat Email : Jmartin@SentryOne.com Blog : http://blogs.SentryOne.com/author/JohnMartin/ LinkedIn : https://uk.linkedin.com/in/johnqmartin

Key Security Principals Agenda Key Security Principals Row Level Security Dynamic Data Masking

Security Principals

Security Principals Eliminate Gaps Layers

Row Level Security

Row Level Security A. B. C.

Row Level Security – Scenario Sales employees should only be able to see orders that they have placed. Managers should be able to see all of the orders placed by their subordinates.

Manager/Employee Hierarchy Row Level Security Employee EmpID ManagerID OrganizationNode Employees & Managers fn_SecurityClassifier Security Policy Manager/Employee Hierarchy SalesPerson SalesPersonID EmpID SalesOrderHeader SalesOrderID SalesPersonID Sales Person SCOPE!! SalesOrderDetails SalesOrderID SalesOrderLineID ProductID Product ProductID Sales Data

Row Level Security Demo

Dynamic Data Masking ?

Dynamic Data Masking Comic source : https://xkcd.com/571 (Can’t Sleep)

Dynamic Data Masking SELECT Name, NationalIDNumber FROM Person.Person;

Dynamic Data Masking SELECT Name, NationalIDNumber FROM Person.Person;

Dynamic Data Masking SELECT Name, NationalIDNumber FROM Person.Person;

Dynamic Data Masking SELECT Name, NationalIDNumber FROM Person.Person;

Dynamic Data Masking - Functions Comic source : https://xkcd.com/1210 (I’m So Random)

Dynamic Data Masking - Functions

Row Level Security Demo

In-Line Table Value Function Summary Row Level Security Dynamic Data Masking Designed In Highly customizable In-Line Table Value Function Leverage Server Authentication Masked at Column Level Not Very Granualr

Fix Show_Statistics issue Connect Items Fix Show_Statistics issue http://bit.ly/DDMStats Enhance Unmask http://bit.ly/DDMUnmask Prevent Filtering on Masked Columns http://bit.ly/DDMFIltering