Row Level Security in SQL Server 2016 – The Basics

In this article we introduce you to row level security features in SQL Server 2016

Row Level SecurityIn case, you ever wished to have security for your data at the record level, then your wish is fulfilled in the new SQL Server 2016 version that comes with an interesting Row Level Security Feature. Well, it is a concept that offers security right at the row level in a database layer and not at the application layer. This feature is particularly beneficial when the user required control on access of data at the granular level. Learn in depth about RLS or Row Level Security by reading this article to know what it actually means, its advantages and how to implement it in the server.

Defining Row Level Security

In broader terms, RLS or Row Level Security is a security policy offered in SQL Server 2016 to help the users control access to data rows in a particular database table that is based on the specific characteristics of the user accessing the query. The best benefit of RLS is that it simplifies the coding as well as the design of the security in the server and helps implementing the restrictions on crucial data row access. It should also be noted that the RLS access restriction is generally placed in the database tier that applies to the access restrictions to make the system more robust and reliable. You must also know that RLS basically supports two different types of security predicates. Firstly, Block Predicates that block write operations and secondly, a Filter Predicate that filters the rows available to read operations in a silent way.

Implementing Row Level Security

Here are some examples to study the use of RLS or Row Level Security in the server. Firstly, it can be used in a bank to generate a policy to restrict the access to some financial data depending on the business division of the business or the employer’s role in the company. Secondly, it can be used in a hospital to generate a security policy allowing nurses to check records of only their patients. Thirdly, RLS can be used in a multi tenant application to generate a policy to apply logical separation of tenants’ data rows from each other.

Limitations of Row Level Security

Like any other feature of SQL Server 2016, RLS too comes with some limitations. Firstly, it doesn’t allow you to generate an indexed view of a table that has a defined security policy. Secondly, it is not compatible with Polybase and FileStream. Thirdly, RLS being a function can fetch instances when the queries are re-written. Fourthly, due to some side channel attacks, some data values for particular rows may be determined even without the right access.

As a conclusion, it can be stated that by implanting RLS you can easily put on record level security rules within your database design. This smart feature of SQL Server 2016 can help build a solution to different business problems of small to medium sized businesses by creating a security policy with utmost ease.

Completely securing your SQL Server data mandates investing in a recovery tool

While backups can help you recover a large amount of data after a SQL crash, they are not able to recover the complete data repository. Basically the data from the time of the last backup to the time of the crash is at risk. To completely secure the data contained in your SQL Server database, you should invest in a proficient sql server recovery application like the DataNumen SQL Recovery. Aided with an advanced recovery engine, this tool can tackle the most comprehensive cases of SQL corruption and bring back the encompassed data in quick time.

Author Introduction:

Alan Chen is President & Chairman of DataNumen, Inc., which is the world leader in data recovery technologies, including access recovery and sql recovery software products. For more information visit

Leave a Reply

Your email address will not be published.