securing sql azure db? how?
Post on 31-Jul-2015
333 Views
Preview:
TRANSCRIPT
Boris Hristov, SQL Server MVP
Securing SQL Azure DB?
Organizer
SQLSaturday Rheinland 201513.06.2015
Bronze Sponsor
SQLSaturday Rheinland 201513.06.2015
Silver Sponsor
SQLSaturday Rheinland 201513.06.2015
Gold Sponsor
SQLSaturday Rheinland 201513.06.2015
You rock!
SQLSaturday Rheinland 201513.06.2015
That’s not a marketing talk!DISCLAIMER:
So who is this guy Boris?
@BorisHristov
time
cool
ness Session’s Timeline
Dynamic Data Masking Row Level Security
Dynamic Data Masking
“Have you ever…”
SELECT * FROM dbo.Customers
custid FirstName LastName PhoneNumber EmailAddress CreditcardNumber
1 Boris Hristov +359889000000 brshristov@live.com 1111-1111-1111-1111
2 Ivan Donev +359889000000 idonev@live.com 2222-2222-2222-2222
3 Stanislav Zhelyaskov +359889000000 szhelyaskov@live.com
3333-3333-3333-3333
4 Ivan Minchev +359889000000 iminchev@live.com 4444-4444-4444-4444
custid FirstName LastName PhoneNumber EmailAddress CreditcardNumber
1 Boris Hristov +359889000000 bxx@xxxx.com xxxx-xxxx-xxxx-1111
2 Ivan Donev +359889000000 ixxx@xxxx.com xxxx-xxxx-xxxx-2222
3 Stanislav Zhelyaskov +359889000000 sxx@xxxx.com xxxx-xxxx-xxxx-3333
4 Ivan Minchev +359889000000 ixx@live.com xxxx-xxxx-xxxx-4444
SELECT * FROM dbo.Customers
Dynamic Data Masking
DEMODynamic Data Masking
Row Level Security
“Have you ever…”
orderid custid orderdate shipdate shipcountry
1 1 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria
2 1 4/20/2015 20:15:49 4/20/2015 20:15:49 Germany
3 2 4/20/2015 20:15:49 4/20/2015 20:15:49 Germany
4 2 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria
5 3 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria
SELECT * FROM dbo.Orders
orderid custid orderdate shipdate shipcountry
1 1 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria
4 2 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria
5 3 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria
SELECT * FROM dbo.Orders
How is that possible?
-- user defined functionCREATE FUNCTION Security.fn_securitypredicate (@SalesRep AS sysname) RETURNS TABLE WITH SCHEMABINDINGAS RETURN SELECT 1 AS fn_securitypredicate_result WHERE @SalesRep = USER_NAME() OR USER_NAME() = 'Manager';
-- security policyCREATE SECURITY POLICY SalesFilter ADD FILTER PREDICATE Security.fn_securitypredicate(SalesRep) ON dbo.Sales WITH (STATE = ON);
No GUI, folks
DEMORow Level Security
Cool, huh?
Not that fast…
time
cool
ness
Session’s Timeline
Dynamic Data Masking Row Level Security
DEMORow Level Security Issues
So is that a security feature
then?
Or is that a programmability
feature?
Summary
There’s a lot going on in SQL Azure DB
Easily mask sensitive data with Dynamic Data Masking
Limit the rows users can see with Row Level Security
Be aware of the current issues of RLS
Save the date!
13.06.2015 SQLSaturday Rheinland 2015
Thank you!
Contacts:brshristov@live.comwww.borishristov.com@BorisHristov
top related