Row Level Security for SQL Server 2008

Update to this post from many moons ago!

 

An important challenge for some public sector developers is providing label-based row level security in database-centric applications.  Such systems require that classified and/or compartmented data be tagged with security labels and that access to data at the row level be mediated by the DBMS based on the permissions of the end user.  These requirements are especially common in military and other security-related customer environments.

Implementing row level security based on security labels is possible in SQL Server 2008 – but you won’t need a separately priced add-on to do it.  A revised whitepaper has just been released by Microsoft detailing a design framework for row (and cell) level security in SQL Server.  This whitepaper is accompanied by a free toolkit on Codeplex, which provides a robust code-gen tool for implementing the framework based on your needs, as well as samples and additional documentation.  Both the whitepaper and the toolkit are revisions to original versions released a few years back (on this very blog).  The new version incorporates lessons learned and streamlines some complex scenarios.  It also removes the requirement to use the SQLCLR – which was an obstacle in some cases – and includes full source for the toolkit.

Whitepaper:  Implementing Row and Cell Level Security in Classified Databases

Toolkit:  SQL Server Label Security Toolkit

 

If you’re considering options and/or feasibility for a database design with row level security, a close look at this material is definitely in order.