In SQL Server 2016, can we configure MASKing rules that applies for application level users ?
Hi
Database users are 'X' and 'Y'
User 'X' can see UNMASKed data
User 'Y' can see only MASKed data
In a C# web application, I have five users 'AppUserA', 'AppUserB', AppUserC', 'AppUserD' and 'AppUserE'
I want...
'AppUserA' and 'AppUserB' to see UNMASKed data as database user 'X' can see
Other users should see only MASKed data as database user 'Y' can see
Is there anyway to achieve this ?
Thanks for your time and help in advance
Raj
Database users are 'X' and 'Y'
User 'X' can see UNMASKed data
User 'Y' can see only MASKed data
In a C# web application, I have five users 'AppUserA', 'AppUserB', AppUserC', 'AppUserD' and 'AppUserE'
I want...
'AppUserA' and 'AppUserB' to see UNMASKed data as database user 'X' can see
Other users should see only MASKed data as database user 'Y' can see
Is there anyway to achieve this ?
Thanks for your time and help in advance
Raj
ASKER
Thanks Ryan
Do you mean IMPERSONATE to the respective database user inside Stored Procedure and return appropriate resultset ?
Raj
Do you mean IMPERSONATE to the respective database user inside Stored Procedure and return appropriate resultset ?
EXECUTE AS USER = 'UserX' -- Impersonate AS TestUser...
SELECT * FROM Employee -- the data is masked!!
REVERTRaj
ASKER
I have another related question, could you please help me on that as well ?
https://www.experts-exchange.com/questions/28994736/How-to-set-UNMASK-permission-only-to-only-one-table-in-SQL-Server-2016.html
https://www.experts-exchange.com/questions/28994736/How-to-set-UNMASK-permission-only-to-only-one-table-in-SQL-Server-2016.html
What are you using to mask and unmask the data?
ASKER
Thanks for your comment Vitor. I was sick and just back. Will reply soon
Hi Rajkumar Gs,
Please use below. You just have to provide the access(UNMASK) to the user whom you want to. By default it will be masked for remaining.
Hope it helps!
Please use below. You just have to provide the access(UNMASK) to the user whom you want to. By default it will be masked for remaining.
--
GRANT SELECT ON YourTableName TO AppUserA
GO
GRANT UNMASK TO AppUserA
GO
GRANT SELECT ON YourTableName TO AppUserB
GO
GRANT UNMASK TO AppUserB
GO
--Hope it helps!
ASKER
Hi Vitor
To do masking, I am using the Dynamic Data Masking feature of SQL2016
Raj
What are you using to mask and unmask the data?
To do masking, I am using the Dynamic Data Masking feature of SQL2016
Raj
ASKER
Hi Pawan & Vitor
I guess my question is not clear to you.
For a database user, the query may work.
But I am wondering how the users in application, whose user information would be in database table like 'Users' , some can view only masked data and some others can view real data ?
Since Dynamic data masking applies to database user, how this feature can be applied to application level users ?
Hope you understand what I am looking for
Thanks
Raj
I guess my question is not clear to you.
For a database user, the query may work.
But I am wondering how the users in application, whose user information would be in database table like 'Users' , some can view only masked data and some others can view real data ?
Since Dynamic data masking applies to database user, how this feature can be applied to application level users ?
Hope you understand what I am looking for
Thanks
Raj
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Vitor.
Please explain a little bit more on the above query and on implementing it in my asp.net web application.
For eg:- I have logged into my application as 'AppUserA' and trying to view the full data and on another instance 'AppUserB' logs in and tries to view same data, but it would be masked data.
Regards
Raj
Please explain a little bit more on the above query and on implementing it in my asp.net web application.
For eg:- I have logged into my application as 'AppUserA' and trying to view the full data and on another instance 'AppUserB' logs in and tries to view same data, but it would be masked data.
Regards
Raj
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Vitor
I would do that in a Stored Procedure to do the verification and return data accordingly.
You need to have a mapping methodology at your database end, perhaps a mapping table, etc to determine the user's role/permission.