securing sql azure db? how?
TRANSCRIPT
Boris Hristov, SQL Server MVP
Securing SQL Azure DB?
Organizer
SQLSaturday Rheinland 2015, 13.06.2015
You rock!
DISCLAIMER: That’s not a marketing talk!
So who is this guy Boris?
@BorisHristov
Session’s Timeline
[Chart: coolness over time, with points for Dynamic Data Masking and Row Level Security]
Dynamic Data Masking
“Have you ever…”
SELECT * FROM dbo.Customers
custid  FirstName  LastName    PhoneNumber    EmailAddress       CreditcardNumber
1       Boris      Hristov     +359889000000  [email protected]  1111-1111-1111-1111
2       Ivan       Donev       +359889000000  [email protected]  2222-2222-2222-2222
3       Stanislav  Zhelyaskov  +359889000000  [email protected]  3333-3333-3333-3333
4       Ivan       Minchev     +359889000000  [email protected]  4444-4444-4444-4444

custid  FirstName  LastName    PhoneNumber    EmailAddress       CreditcardNumber
1       Boris      Hristov     +359889000000  [email protected]  xxxx-xxxx-xxxx-1111
2       Ivan       Donev       +359889000000  [email protected]  xxxx-xxxx-xxxx-2222
3       Stanislav  Zhelyaskov  +359889000000  [email protected]  xxxx-xxxx-xxxx-3333
4       Ivan       Minchev     +359889000000  [email protected]  xxxx-xxxx-xxxx-4444
SELECT * FROM dbo.Customers
Dynamic Data Masking
DEMO: Dynamic Data Masking
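The masking shown in the two result sets above, written out as an added example (not from the original slides) in the T-SQL masking syntax of Azure SQL Database and SQL Server 2016 and later. The column types, the MaskedReader user, the e-mail value and the single sample row are assumptions made for illustration.

```sql
-- Added example: table shape follows the slide's result set.
-- Column types, the MaskedReader user and the sample row are constructed.
CREATE TABLE dbo.Customers (
    custid           INT IDENTITY(1,1) PRIMARY KEY,
    FirstName        NVARCHAR(50) NOT NULL,
    LastName         NVARCHAR(50) NOT NULL,
    PhoneNumber      VARCHAR(20)  NOT NULL,
    EmailAddress     VARCHAR(100) NOT NULL,
    -- partial(prefix, padding, suffix): expose 0 leading characters,
    -- substitute the padding string, expose the last 4 characters.
    CreditcardNumber VARCHAR(19)
        MASKED WITH (FUNCTION = 'partial(0,"xxxx-xxxx-xxxx-",4)') NOT NULL
);
GO

INSERT INTO dbo.Customers
    (FirstName, LastName, PhoneNumber, EmailAddress, CreditcardNumber)
VALUES
    ('Boris', 'Hristov', '+359889000000', 'boris@example.com',
     '1111-1111-1111-1111');
GO

-- A low-privileged reader: SELECT on the table, but no UNMASK permission.
CREATE USER MaskedReader WITHOUT LOGIN;
GRANT SELECT ON dbo.Customers TO MaskedReader;
GO

-- As the reader, CreditcardNumber is returned through the mask.
EXECUTE AS USER = 'MaskedReader';
SELECT custid, FirstName, LastName, CreditcardNumber FROM dbo.Customers;
REVERT;
GO

-- As the table owner (or any principal holding UNMASK), the same query
-- returns the stored value. Audit who holds this permission.
SELECT custid, FirstName, LastName, CreditcardNumber FROM dbo.Customers;
GO

-- UNMASK is granted and revoked like any other database permission.
GRANT UNMASK TO MaskedReader;
REVOKE UNMASK FROM MaskedReader;
GO

-- A mask can also be added to an existing column; email() is built in.
ALTER TABLE dbo.Customers
    ALTER COLUMN EmailAddress ADD MASKED WITH (FUNCTION = 'email()');
GO
```

The mask changes only what a query returns to principals without UNMASK; the stored value is unchanged, so masking complements table and column permissions rather than replacing them.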
Row Level Security
“Have you ever…”
orderid  custid  orderdate           shipdate            shipcountry
1        1       4/20/2015 20:15:49  4/20/2015 20:15:49  Bulgaria
2        1       4/20/2015 20:15:49  4/20/2015 20:15:49  Germany
3        2       4/20/2015 20:15:49  4/20/2015 20:15:49  Germany
4        2       4/20/2015 20:15:49  4/20/2015 20:15:49  Bulgaria
5        3       4/20/2015 20:15:49  4/20/2015 20:15:49  Bulgaria
SELECT * FROM dbo.Orders
orderid  custid  orderdate           shipdate            shipcountry
1        1       4/20/2015 20:15:49  4/20/2015 20:15:49  Bulgaria
4        2       4/20/2015 20:15:49  4/20/2015 20:15:49  Bulgaria
5        3       4/20/2015 20:15:49  4/20/2015 20:15:49  Bulgaria
SELECT * FROM dbo.Orders
How is that possible?
-- user defined function
CREATE FUNCTION Security.fn_securitypredicate (@SalesRep AS sysname)
    RETURNS TABLE
    WITH SCHEMABINDING
AS
    RETURN SELECT 1 AS fn_securitypredicate_result
    WHERE @SalesRep = USER_NAME() OR USER_NAME() = 'Manager';

-- security policy
CREATE SECURITY POLICY SalesFilter
    ADD FILTER PREDICATE Security.fn_securitypredicate(SalesRep)
    ON dbo.Sales
    WITH (STATE = ON);
No GUI, folks
DEMO: Row Level Security
Cool, huh?
Not that fast…
Session’s Timeline
[Chart: coolness over time, with points for Dynamic Data Masking and Row Level Security]
DEMO: Row Level Security Issues
So is that a security feature then?
Or is that a programmability feature?
Summary
There’s a lot going on in SQL Azure DB
Easily mask sensitive data with Dynamic Data Masking
Limit the rows users can see with Row Level Security
Be aware of the current issues of RLS
Save the date!
13.06.2015 SQLSaturday Rheinland 2015
Thank you!
Contacts: [email protected], @BorisHristov