Overview

Introduction

The Configuring Security Options module provides you with the instructions and devices to develop your hands-on skills in the following topics.

  • Working with row-level security
  • Securing sensitive data

Lab time: It will take approximately 60 minutes to complete this lab.

Exam Objectives

Two exam objectives are covered in this lab.

  • Restricting access to row-level data by configuring filter and block predicates
  • Secure sensitive data using dynamic data masking

Exercise 1 - Working with Row-Level Security

In an organization, sensitive information should have restricted access. The row-level security (RLS) feature of SQL Server enables you to control access to rows in a table. This feature allows users to have access to a table without having access to all rows of a table. You can implement RLS by executing the CREATE SECURITY POLICY Transact-SQL statement.

You can restrict access to table rows with the help of security predicates. There are two types of security predicates in row-level security. These are as follows:

Filter Predicate: This type of security predicate is applicable during database read operations such as SELECT, UPDATE, and DELETE. Block Predicate: This type of security predicate is applicable during database write operations. You can create security predicates as inline-table valued functions.

In a production environment, row-level security of database data is used in big organizations, banks, hospitals, and so on.

In this exercise, you will learn to work with row-level security.

Exercise 2 - Securing Sensitive Data

SQL Server uses dynamic data masking to prevent unauthorized access to sensitive data. Dynamic data masking hides the data in the result set of the queries. It does not update the table with the masked values. In a production environment, credit card numbers or social security numbers can be masked using dynamic data masking.

You can define masking rule on table fields. There are four types of masking rules in SQL Server such as random, email, default, and custom string.

In this exercise, you will learn to secure sensitive data using dynamic data masking rules.

Comprehensive Learning

See the full benefits of our immersive learning experience with interactive courses and guided career paths.