Two of the security features that folks have asked me about, especially since around 2002, is row-level and label security. Row-level security was present in one of the early betas (beta 1, IIRC) of SQL Server 2005, but it was pulled almost right after that beta release, never to return. Row-level security is a self-descriptive term, but label-based security requires a short explanation. When using label security, each data item is give a classification, say unclassified, confidential secret, or top-secret, and only users with the appropriate security classification as allowed access. Searching around, I found the US Dept of Commerce FIPS publication that describes government standards. Label security is often a requirement for government contracts. Although SQL Server can rightfully claim to be one of the most, if not the most, secure database (by reported number of security bugs/fixes), row-based and label never seem to make it to the top of the implementation list.
Well, it looks like my friend Lara Rubbelke has done it again! The author of the Enterprise Policy Management toolkit now brings you the SQL Server Label Security Toolkit. Since Lara's Enterprise Policy Management Framework is such as big hit (and she's otherwise known for quality of implementation), I just had to download this one and try it out. It consists of the Label Admin program, a GUI-based app used to set up labels and associated information, and a set of implementation functions and procedures. In addition, there's a set of documentation, including a user's guide and developer's reference and a rather extensive set of samples. If you've been one of those folks wondering about when RLS and LS would make their appearence, give it a look-see. Maybe some day this functionality and Enterprise Policy Management will be formally integrated into the product, but, until then…
Thanks, Lara!
@bobbeauch