Row-Level Security Set for SQL Server

 
 
By Timothy Dyck  |  Posted 2002-11-11 Email Print this article Print
 
 
 
 
 
 
 

Microsoft architect James Hamilton discusses upcoming security changes in the next release of SQL Server, code-named Yukon.

Last month, I met with Microsofts James Hamilton, an architect of Microsoft SQL Server, to be briefed on upcoming security changes in the next release of SQL Server, code-named Yukon, which is expected to begin beta testing in the first half of next year.

The most significant security change in Yukon—and one that hadnt been mentioned to the press previously—is that SQL Server will support a declarative security model that provides much finer, more flexible security controls than are possible using the SQL table- and view-based permissions model.

"What were building here is a row-level security," said Hamilton, in Redmond, Wash. "Every user accessing a table has a predicate assigned to them that controls their access. That predicate gets applied to every query; same thing with an update. Unless youre updating your particular row, it will fail."

Using this system, users could be restricted so they could access only data rows where, for example, the state column was set to Washington and could update only rows where the city was Seattle.

Oracle9i Enterprise Edition and Sybase Adaptive Server Enterprise databases already support similar extensions to the base SQL permissions system, and its inclusion in the next version of SQL Server will be a major security step forward for that product.

 
 
 
 
Timothy Dyck is a Senior Analyst with eWEEK Labs. He has been testing and reviewing application server, database and middleware products and technologies for eWEEK since 1996. Prior to joining eWEEK, he worked at the LAN and WAN network operations center for a large telecommunications firm, in operating systems and development tools technical marketing for a large software company and in the IT department at a government agency. He has an honors bachelors degree of mathematics in computer science from the University of Waterloo in Waterloo, Ontario, Canada, and a masters of arts degree in journalism from the University of Western Ontario in London, Ontario, Canada.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...

 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel