{"id":544,"date":"2011-07-20T13:59:00","date_gmt":"2011-07-20T13:59:00","guid":{"rendered":"\/blogs\/bobb\/post\/A-row-level-and-label-security-offering-for-SQL-Server.aspx"},"modified":"2011-07-20T13:59:00","modified_gmt":"2011-07-20T13:59:00","slug":"a-row-level-and-label-security-offering-for-sql-server","status":"publish","type":"post","link":"https:\/\/www.sqlskills.com\/blogs\/bobb\/a-row-level-and-label-security-offering-for-sql-server\/","title":{"rendered":"A row-level and label security offering for SQL Server"},"content":{"rendered":"

\nTwo of the security features that folks have asked me about, especially since around 2002, is row-level and label security. Row-level security was present in one of the early betas (beta 1, IIRC) of SQL Server 2005, but it was pulled almost right after that beta release, never to return. Row-level security is a self-descriptive term, but label-based security requires a short explanation. When using label security, each data item is give a classification, say unclassified, confidential secret, or top-secret, and only users with the appropriate security classification as allowed access. Searching around, I found the US Dept of Commerce FIPS publication<\/a> that describes government standards. Label security is often a requirement for government contracts. Although SQL Server can rightfully claim to be one of the most, if not the most, secure database (by reported number of security bugs\/fixes), row-based and label never seem to make it to the top of the implementation list. \n<\/p>\n

\nWell, it looks like my friend Lara Rubbelke<\/a> has done it again! The author of the Enterprise Policy Management toolkit now brings you the SQL Server Label Security Toolkit<\/a>. Since Lara's Enterprise Policy Management Framework<\/a> is such as big hit (and she's otherwise known for quality of implementation), I just had to download this one and try it out. It consists of the Label Admin program, a GUI-based app used to set up labels and associated information, and a set of implementation functions and procedures. In addition, there's a set of documentation, including a user's guide and developer's reference and a rather extensive set of samples. If you've been one of those folks wondering about when RLS and LS would make their appearence, give it a look-see. Maybe some day this functionality and Enterprise Policy Management will be formally integrated into the product, but, until then…\n<\/p>\n

\nThanks, Lara!\n<\/p>\n

\n@bobbeauch<\/p>\n","protected":false},"excerpt":{"rendered":"

Two of the security features that folks have asked me about, especially since around 2002, is row-level and label security. Row-level security was present in one of the early betas (beta 1, IIRC) of SQL Server 2005, but it was pulled almost right after that beta release, never to return. Row-level security is a self-descriptive […]<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23],"tags":[],"class_list":["post-544","post","type-post","status-publish","format-standard","hentry","category-security"],"yoast_head":"\nA row-level and label security offering for SQL Server - Bob Beauchemin<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.sqlskills.com\/blogs\/bobb\/a-row-level-and-label-security-offering-for-sql-server\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A row-level and label security offering for SQL Server - Bob Beauchemin\" \/>\n<meta property=\"og:description\" content=\"Two of the security features that folks have asked me about, especially since around 2002, is row-level and label security. Row-level security was present in one of the early betas (beta 1, IIRC) of SQL Server 2005, but it was pulled almost right after that beta release, never to return. Row-level security is a self-descriptive […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.sqlskills.com\/blogs\/bobb\/a-row-level-and-label-security-offering-for-sql-server\/\" \/>\n<meta property=\"og:site_name\" content=\"Bob Beauchemin\" \/>\n<meta property=\"article:published_time\" content=\"2011-07-20T13:59:00+00:00\" \/>\n<meta name=\"author\" content=\"Bob Beauchemin\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Bob Beauchemin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/a-row-level-and-label-security-offering-for-sql-server\/\",\"url\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/a-row-level-and-label-security-offering-for-sql-server\/\",\"name\":\"A row-level and label security offering for SQL Server - Bob Beauchemin\",\"isPartOf\":{\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/#website\"},\"datePublished\":\"2011-07-20T13:59:00+00:00\",\"dateModified\":\"2011-07-20T13:59:00+00:00\",\"author\":{\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/#\/schema\/person\/62bfa986c5b5d28fcffd8b4fc409c73e\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/a-row-level-and-label-security-offering-for-sql-server\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.sqlskills.com\/blogs\/bobb\/a-row-level-and-label-security-offering-for-sql-server\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/a-row-level-and-label-security-offering-for-sql-server\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/category\/security\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"A row-level and label security offering for SQL Server\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/#website\",\"url\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/\",\"name\":\"Bob Beauchemin\",\"description\":\"SQL Server Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/#\/schema\/person\/62bfa986c5b5d28fcffd8b4fc409c73e\",\"name\":\"Bob Beauchemin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6f80e6cc667410857fa6a21931dc528b8092f4d112bf7a8ff7c267674d44ee37?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6f80e6cc667410857fa6a21931dc528b8092f4d112bf7a8ff7c267674d44ee37?s=96&d=mm&r=g\",\"caption\":\"Bob Beauchemin\"},\"sameAs\":[\"http:\/www.sqlskills.com\/blogs\/bobb\/\"],\"url\":\"https:\/\/www.sqlskills.com\/blogs\/bobb\/author\/bobb\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A row-level and label security offering for SQL Server - Bob Beauchemin","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.sqlskills.com\/blogs\/bobb\/a-row-level-and-label-security-offering-for-sql-server\/","og_locale":"en_US","og_type":"article","og_title":"A row-level and label security offering for SQL Server - Bob Beauchemin","og_description":"Two of the security features that folks have asked me about, especially since around 2002, is row-level and label security. Row-level security was present in one of the early betas (beta 1, IIRC) of SQL Server 2005, but it was pulled almost right after that beta release, never to return. Row-level security is a self-descriptive […]","og_url":"https:\/\/www.sqlskills.com\/blogs\/bobb\/a-row-level-and-label-security-offering-for-sql-server\/","og_site_name":"Bob Beauchemin","article_published_time":"2011-07-20T13:59:00+00:00","author":"Bob Beauchemin","twitter_misc":{"Written by":"Bob Beauchemin","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.sqlskills.com\/blogs\/bobb\/a-row-level-and-label-security-offering-for-sql-server\/","url":"https:\/\/www.sqlskills.com\/blogs\/bobb\/a-row-level-and-label-security-offering-for-sql-server\/","name":"A row-level and label security offering for SQL Server - Bob Beauchemin","isPartOf":{"@id":"https:\/\/www.sqlskills.com\/blogs\/bobb\/#website"},"datePublished":"2011-07-20T13:59:00+00:00","dateModified":"2011-07-20T13:59:00+00:00","author":{"@id":"https:\/\/www.sqlskills.com\/blogs\/bobb\/#\/schema\/person\/62bfa986c5b5d28fcffd8b4fc409c73e"},"breadcrumb":{"@id":"https:\/\/www.sqlskills.com\/blogs\/bobb\/a-row-level-and-label-security-offering-for-sql-server\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.sqlskills.com\/blogs\/bobb\/a-row-level-and-label-security-offering-for-sql-server\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.sqlskills.com\/blogs\/bobb\/a-row-level-and-label-security-offering-for-sql-server\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.sqlskills.com\/blogs\/bobb\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.sqlskills.com\/blogs\/bobb\/category\/security\/"},{"@type":"ListItem","position":3,"name":"A row-level and label security offering for SQL Server"}]},{"@type":"WebSite","@id":"https:\/\/www.sqlskills.com\/blogs\/bobb\/#website","url":"https:\/\/www.sqlskills.com\/blogs\/bobb\/","name":"Bob Beauchemin","description":"SQL Server Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.sqlskills.com\/blogs\/bobb\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.sqlskills.com\/blogs\/bobb\/#\/schema\/person\/62bfa986c5b5d28fcffd8b4fc409c73e","name":"Bob Beauchemin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.sqlskills.com\/blogs\/bobb\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6f80e6cc667410857fa6a21931dc528b8092f4d112bf7a8ff7c267674d44ee37?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6f80e6cc667410857fa6a21931dc528b8092f4d112bf7a8ff7c267674d44ee37?s=96&d=mm&r=g","caption":"Bob Beauchemin"},"sameAs":["http:\/www.sqlskills.com\/blogs\/bobb\/"],"url":"https:\/\/www.sqlskills.com\/blogs\/bobb\/author\/bobb\/"}]}},"_links":{"self":[{"href":"https:\/\/www.sqlskills.com\/blogs\/bobb\/wp-json\/wp\/v2\/posts\/544","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sqlskills.com\/blogs\/bobb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sqlskills.com\/blogs\/bobb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sqlskills.com\/blogs\/bobb\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sqlskills.com\/blogs\/bobb\/wp-json\/wp\/v2\/comments?post=544"}],"version-history":[{"count":0,"href":"https:\/\/www.sqlskills.com\/blogs\/bobb\/wp-json\/wp\/v2\/posts\/544\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.sqlskills.com\/blogs\/bobb\/wp-json\/wp\/v2\/media?parent=544"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sqlskills.com\/blogs\/bobb\/wp-json\/wp\/v2\/categories?post=544"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sqlskills.com\/blogs\/bobb\/wp-json\/wp\/v2\/tags?post=544"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}