Securing SQL Azure DB? How?

Apr 25, 20150 likes1,542 views

Do you think that your data is not secured in the cloud? Is that one of the reasons for you to not migrate at least some workloads there? Things changed in the last few months in terms of Azure security. In this session we will take a closer look at what the features Row Level Security(RLS) and Dynamic Data Masking can do for your business and how they can help you secure your databases.

April 25
Boris Hristov, SQL Server MVP
Securing
SQL Azure DB?

Thanks to our Sponsors:
Global Sponsor:
Platinum Sponsors:
Swag Sponsors: Media Partners:
With the support of:

That’s not a marketing talk!
Disclaimer:

time
coolness
Session’s Timeline
Dynamic Data Masking Row Level Security

SELECT * FROM
dbo.Customers
custid FirstNam
e
LastName PhoneNumber EmailAddress CreditcardNumber
1 Boris Hristov +359889000000 brshristov@live.com 1111-1111-1111-1111
2 Ivan Donev +359889000000 idonev@live.com 2222-2222-2222-2222
3 Stanislav Zhelyaskov +359889000000 szhelyaskov@live.com 3333-3333-3333-3333
4 Ivan Minchev +359889000000 iminchev@live.com 4444-4444-4444-4444

custid FirstNam
e
LastName PhoneNumbe
r
EmailAddress CreditcardNumber
1 Boris Hristov +359889000000 bxx@xxxx.com xxxx-xxxx-xxxx-1111
2 Ivan Donev +359889000000 ixxx@xxxx.com xxxx-xxxx-xxxx-2222
3 Stanislav Zhelyaskov +359889000000 sxx@xxxx.com xxxx-xxxx-xxxx-3333
4 Ivan Minchev +359889000000 ixx@live.com xxxx-xxxx-xxxx-4444
SELECT * FROM
dbo.Customers

SELECT * FROM dbo.Orders
orderid custid orderdate shipdate shipcountry
1 1 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria
2 1 4/20/2015 20:15:49 4/20/2015 20:15:49 Norway
3 2 4/20/2015 20:15:49 4/20/2015 20:15:49 Norway
4 2 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria
5 3 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria

SELECT * FROM dbo.Orders
orderid custid orderdate shipdate shipcountry
1 1 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria
4 2 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria
5 3 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria

-- user defined function
CREATE FUNCTION Security.fn_securitypredicate (@SalesRep AS sysname)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN SELECT 1 AS fn_securitypredicate_result
WHERE @SalesRep = USER_NAME()
OR USER_NAME() = 'Manager';
-- security policy
CREATE SECURITY POLICY SalesFilter
ADD FILTER PREDICATE Security.fn_securitypredicate(SalesRep)
ON dbo.Sales WITH (STATE = ON);
No GUI, folks 

Summary
There’s a lot going on in SQL Azure DB
Easily mask sensitive data with Dynamic Data Masking
Limit the rows users can see with Row Level Security
Be aware of the current issues of RLS

Upcoming events
SQLSaturday #384 on May 30th in Varna!
http://www.sqlsaturday.com/384/

Thank you!
Contacts:
brshristov@live.com
www.borishristov.com
@BorisHristov

This document provides an overview of business intelligence. It defines business intelligence as transforming data into knowledge. It discusses data warehouses as single points of truth that store large amounts of differently designed data. It demonstrates extracting information from data warehouses using T-SQL and visualizing data in Excel models and Power BI reports to provide ready analytics to managers in a beautiful way.

The 5 Hidden Performance Gems of SQL Server 2014Boris Hristov

The Nightmare of Locking, Blocking and Isolation Levels!Boris Hristov

How to Deliver Technical Presentations: The Right Way!Boris Hristov

Have you been to a bad presentation or is it actually you that want to gain and improve your presentation skills? In this session you will learn what makes of a great presentation and what are the mistakes that sometimes even advanced speakers do! You will see and be presented with the most important concepts and techniques that will help you go to the next level and deliver far better presentations for your audience! We will take a look at both the fundamentals and the specifics of a technical presentation and what makes one great!

Top 5 T-SQL Improvements in SQL Server 2014Boris Hristov

Presentation Skills: The Next LevelBoris Hristov

The Nightmare of Locking, Blocking and Isolation Levels!Boris Hristov

SQL Server 2014: Ready. Steady. Go!Boris Hristov

BI PoC for the Telco IndustryBoris Hristov

Presentation Design BasicsBoris Hristov

Have you recently been in a boring presentation? I bet you were. I am also almost sure that one of the reason why you got bored is because of the speaker's slide deck. That is true because 99% of the presenters out there use their presentation software(be that PowerPoint, Prezi or Keynote) in a wrong way. This, of course, leads to missed opportunities for future business, disappointed audiences and probably miscommunicated important information. As presenters we want the opposite! In the slide deck you will find 10 of the fundamental rules of great presentation design which we all need to follow in order to join that 1% of people who make a difference and indeed achieve the goals of their presentations.

Deep Into Isolation LevelsBoris Hristov

The topic of SQL Server concurrency is one that many people want to understand really well, but at the same time is one that doesn't get the needed attention for some reason. In addition, isolation levels can play a huge role in both the performance and the scalability of every application and so the proper choice of isolation level is crucial. In this session we are going to go deep into the world of SQL Server isolation levels and see what is the behaviour of each one of them. We will discuss how we should approach the final decision on which level we should go with and how we can actually effectively troubleshoot concurrency issues. Last, but not at least, we will take a look at what is going on behind the scenes when our applications work and what differentiates one isolation level from the other. The session is suitable for both application developers and DBAs who want to advance their knowledge in the unending world of SQL Server concurrency.

Top 5 T-SQL Improvements in SQL Server 2014Boris Hristov

Database Transactions and SQL Server ConcurrencyBoris Hristov

The document discusses database transactions and transaction management. It begins with an overview of transactions, their properties (atomicity, consistency, isolation, durability known as ACID), and how they are implemented using locks in SQL Server. It then covers transaction isolation levels, locking concepts like lock types and escalation, and how to troubleshoot locking problems including deadlocks. The document provides examples of transactions in SQL Server and demonstrations of managing transactions and concurrency.

Database PerformanceBoris Hristov

This document discusses database performance factors for developers. It covers topics like query execution plans, table indexes, table partitioning, and performance troubleshooting. The goal is to help developers understand how to optimize database performance. It provides examples and recommends analyzing execution plans, properly indexing tables, partitioning large tables, and using a structured approach to troubleshooting performance issues.

You want rules? You need Policy-Based Management!Boris Hristov

Have you ever wanted to check, audit or even enforce a specific option or configuration in your environment? What if I tell you that you can accomplish all of these and even report on the results with just a few clicks? Interested? In this session you will learn about the "hidden power" of Policy-Based Management, Centralised Management Server and EPM Framework and how they can help you keep your environment healthy and under control!

The Nightmare of Locking, Blocking and Isolation Levels!Boris Hristov

This document provides an overview of locking, blocking, and transaction isolation levels in SQL Server. It begins with an introduction to locking and how SQL Server uses locks for concurrency control. It then discusses the different lock types, lock compatibility, and the lock hierarchy. The document demonstrates how to view locking information and troubleshoot locking problems. It also covers lock escalation, deadlocks, and resolving blocking issues. Finally, it concludes with an explanation of the various transaction isolation levels supported by SQL Server and how they differ in terms of concurrency and consistency.

The Nightmare of Locking, Blocking and Isolation LevelsBoris Hristov

Welcome to the nightmare of locking, blocking and isolation levels!Boris Hristov

First Steps with Microsoft SQL ServerBoris Hristov

This document provides an introduction to Microsoft SQL Server. It discusses why data is important for businesses, how SQL Server helps manage data, and an upcoming hands-on session to learn SQL Server 2014. The document outlines the history and components of SQL Server, editions available, how to install and connect to SQL Server instances, and introduces SQL Server Management Studio as the GUI tool. It concludes with a planned Q&A session.

Welcome to the nightmare of locking, blocking and isolation levels!Boris Hristov

The nightmare of locking, blocking and isolation levels!Boris Hristov

Top 5 TSQL Improvements in SQL Server 2014Boris Hristov

Replay your workload as it is your actual one! Boris Hristov

How analogue intelligence complements AIPaul Rowe

Artificial Intelligence is providing benefits in many areas of work within the heritage sector, from image analysis, to ideas generation, and new research tools. However, it is more critical than ever for people, with analogue intelligence, to ensure the integrity and ethical use of AI. Including real people can improve the use of AI by identifying potential biases, cross-checking results, refining workflows, and providing contextual relevance to AI-driven results. News about the impact of AI often paints a rosy picture. In practice, there are many potential pitfalls. This presentation discusses these issues and looks at the role of analogue intelligence and analogue interfaces in providing the best results to our audiences. How do we deal with factually incorrect results? How do we get content generated that better reflects the diversity of our communities? What roles are there for physical, in-person experiences in the digital world?

Build Your Own Copilot & Agents For DevsBrian McKeiver

More Related Content

More from Boris Hristov (20)

Presentation Skills: The Next LevelBoris Hristov

The Nightmare of Locking, Blocking and Isolation Levels!Boris Hristov

SQL Server 2014: Ready. Steady. Go!Boris Hristov

BI PoC for the Telco IndustryBoris Hristov

Presentation Design BasicsBoris Hristov

Deep Into Isolation LevelsBoris Hristov

Top 5 T-SQL Improvements in SQL Server 2014Boris Hristov

Database Transactions and SQL Server ConcurrencyBoris Hristov

Database PerformanceBoris Hristov

You want rules? You need Policy-Based Management!Boris Hristov

The Nightmare of Locking, Blocking and Isolation Levels!Boris Hristov

The Nightmare of Locking, Blocking and Isolation LevelsBoris Hristov

Welcome to the nightmare of locking, blocking and isolation levels!Boris Hristov

First Steps with Microsoft SQL ServerBoris Hristov

Welcome to the nightmare of locking, blocking and isolation levels!Boris Hristov

The nightmare of locking, blocking and isolation levels!Boris Hristov

Top 5 TSQL Improvements in SQL Server 2014Boris Hristov

Replay your workload as it is your actual one! Boris Hristov

Presentation Skills: The Next LevelBoris Hristov

The Nightmare of Locking, Blocking and Isolation Levels!Boris Hristov

SQL Server 2014: Ready. Steady. Go!Boris Hristov

BI PoC for the Telco IndustryBoris Hristov

Presentation Design BasicsBoris Hristov

Deep Into Isolation LevelsBoris Hristov

Top 5 T-SQL Improvements in SQL Server 2014Boris Hristov

Database Transactions and SQL Server ConcurrencyBoris Hristov

Database PerformanceBoris Hristov

You want rules? You need Policy-Based Management!Boris Hristov

The Nightmare of Locking, Blocking and Isolation Levels!Boris Hristov

The Nightmare of Locking, Blocking and Isolation LevelsBoris Hristov

Welcome to the nightmare of locking, blocking and isolation levels!Boris Hristov

First Steps with Microsoft SQL ServerBoris Hristov

Welcome to the nightmare of locking, blocking and isolation levels!Boris Hristov

The nightmare of locking, blocking and isolation levels!Boris Hristov

Top 5 TSQL Improvements in SQL Server 2014Boris Hristov

Replay your workload as it is your actual one! Boris Hristov

Recently uploaded (20)

How analogue intelligence complements AIPaul Rowe

Build Your Own Copilot & Agents For DevsBrian McKeiver

Splunk Security Update | Public Sector Summit Germany 2025Splunk

UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPathCommunity

Join this UiPath Community Berlin meetup to explore the Orchestrator API, Swagger interface, and the Test Manager API. Learn how to leverage these tools to streamline automation, enhance testing, and integrate more efficiently with UiPath. Perfect for developers, testers, and automation enthusiasts! 📕 Agenda Welcome & Introductions Orchestrator API Overview Exploring the Swagger Interface Test Manager API Highlights Streamlining Automation & Testing with APIs (Demo) Q&A and Open Discussion Perfect for developers, testers, and automation enthusiasts! 👉 Join our UiPath Community Berlin chapter: https://community.uipath.com/berlin/ This session streamed live on April 29, 2025, 18:00 CET. Check out all our upcoming UiPath Community sessions at https://community.uipath.com/events/.

Manifest Pre-Seed Update | A Humanoid OEM Deeptech In Francechb3

Cyber Awareness overview for 2025 month of securityriccardosl1

Linux Professional Institute LPIC-1 Exam.pdfRHCSA Guru

Quantum Computing Quick Research Guide by Arthur MorganArthur Morgan

This is a Quick Research Guide (QRG). QRGs include the following: - A brief, high-level overview of the QRG topic. - A milestone timeline for the QRG topic. - Links to various free online resource materials to provide a deeper dive into the QRG topic. - Conclusion and a recommendation for at least two books available in the SJPL system on the QRG topic. QRGs planned for the series: - Artificial Intelligence QRG - Quantum Computing QRG - Big Data Analytics QRG - Spacecraft Guidance, Navigation & Control QRG (coming 2026) - UK Home Computing & The Birth of ARM QRG (coming 2027) Any questions or comments? - Please contact Arthur Morgan at [email protected]. 100% human made.

Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...BookNet Canada

Book industry standards are evolving rapidly. In the first part of this session, we’ll share an overview of key developments from 2024 and the early months of 2025. Then, BookNet’s resident standards expert, Tom Richardson, and CEO, Lauren Stewart, have a forward-looking conversation about what’s next. Link to recording, presentation slides, and accompanying resource: https://bnctechforum.ca/sessions/standardsgoals-for-2025-standards-certification-roundup/ Presented by BookNet Canada on May 6, 2025 with support from the Department of Canadian Heritage.

Electronic_Mail_Attacks-1-35.pdf by xploitniftliyevhuseyn

tecnologias de las primeras civilizaciones.pdffjgm517

Procurement Insights Cost To Value Guide.pptxJon Hansen

Into The Box Conference Keynote Day 1 (ITB2025)Ortus Solutions, Corp

Cybersecurity Identity and Access Solutions using Azure ADVICTOR MAESTRE RAMIREZ

What is Model Context Protocol(MCP) - The new technology for communication bw...Vishnu Singh Chundawat

The MCP (Model Context Protocol) is a framework designed to manage context and interaction within complex systems. This SlideShare presentation will provide a detailed overview of the MCP Model, its applications, and how it plays a crucial role in improving communication and decision-making in distributed systems. We will explore the key concepts behind the protocol, including the importance of context, data management, and how this model enhances system adaptability and responsiveness. Ideal for software developers, system architects, and IT professionals, this presentation will offer valuable insights into how the MCP Model can streamline workflows, improve efficiency, and create more intuitive systems for a wide range of use cases.

SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfPrecisely

How Can I use the AI Hype in my Business Context?Daniel Lehner

𝙄𝙨 𝘼𝙄 𝙟𝙪𝙨𝙩 𝙝𝙮𝙥𝙚? 𝙊𝙧 𝙞𝙨 𝙞𝙩 𝙩𝙝𝙚 𝙜𝙖𝙢𝙚 𝙘𝙝𝙖𝙣𝙜𝙚𝙧 𝙮𝙤𝙪𝙧 𝙗𝙪𝙨𝙞𝙣𝙚𝙨𝙨 𝙣𝙚𝙚𝙙𝙨? Everyone’s talking about AI but is anyone really using it to create real value? Most companies want to leverage AI. Few know 𝗵𝗼𝘄. ✅ What exactly should you ask to find real AI opportunities? ✅ Which AI techniques actually fit your business? ✅ Is your data even ready for AI? If you’re not sure, you’re not alone. This is a condensed version of the slides I presented at a Linkedin webinar for Tecnovy on 28.04.2025.

Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell

HCL Nomad Web – Best Practices and Managing Multiuser Environmentspanagenda

Webinar Recording: https://www.panagenda.com/webinars/hcl-nomad-web-best-practices-and-managing-multiuser-environments/ HCL Nomad Web is heralded as the next generation of the HCL Notes client, offering numerous advantages such as eliminating the need for packaging, distribution, and installation. Nomad Web client upgrades will be installed “automatically” in the background. This significantly reduces the administrative footprint compared to traditional HCL Notes clients. However, troubleshooting issues in Nomad Web present unique challenges compared to the Notes client. Join Christoph and Marc as they demonstrate how to simplify the troubleshooting process in HCL Nomad Web, ensuring a smoother and more efficient user experience. In this webinar, we will explore effective strategies for diagnosing and resolving common problems in HCL Nomad Web, including - Accessing the console - Locating and interpreting log files - Accessing the data folder within the browser’s cache (using OPFS) - Understand the difference between single- and multi-user scenarios - Utilizing Client Clocking

Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Impelsys Inc.

How analogue intelligence complements AIPaul Rowe

Build Your Own Copilot & Agents For DevsBrian McKeiver

Splunk Security Update | Public Sector Summit Germany 2025Splunk

UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPathCommunity

Manifest Pre-Seed Update | A Humanoid OEM Deeptech In Francechb3

Cyber Awareness overview for 2025 month of securityriccardosl1

Linux Professional Institute LPIC-1 Exam.pdfRHCSA Guru

Quantum Computing Quick Research Guide by Arthur MorganArthur Morgan

Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...BookNet Canada

Electronic_Mail_Attacks-1-35.pdf by xploitniftliyevhuseyn

tecnologias de las primeras civilizaciones.pdffjgm517

Procurement Insights Cost To Value Guide.pptxJon Hansen

Into The Box Conference Keynote Day 1 (ITB2025)Ortus Solutions, Corp

Cybersecurity Identity and Access Solutions using Azure ADVICTOR MAESTRE RAMIREZ

What is Model Context Protocol(MCP) - The new technology for communication bw...Vishnu Singh Chundawat

SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfPrecisely

How Can I use the AI Hype in my Business Context?Daniel Lehner

Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell

HCL Nomad Web – Best Practices and Managing Multiuser Environmentspanagenda

Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Impelsys Inc.

Securing SQL Azure DB? How?

1. April 25 Boris Hristov, SQL Server MVP Securing SQL Azure DB?

2. Thanks to our Sponsors: Global Sponsor: Platinum Sponsors: Swag Sponsors: Media Partners: With the support of:

3. So who am I? @BorisHristov

4. That’s not a marketing talk! Disclaimer:

5. time coolness Session’s Timeline Dynamic Data Masking Row Level Security

6. Dynamic Data Masking

7. “Have you ever…”

8. SELECT * FROM dbo.Customers custid FirstNam e LastName PhoneNumber EmailAddress CreditcardNumber 1 Boris Hristov +359889000000 [email protected] 1111-1111-1111-1111 2 Ivan Donev +359889000000 [email protected] 2222-2222-2222-2222 3 Stanislav Zhelyaskov +359889000000 [email protected] 3333-3333-3333-3333 4 Ivan Minchev +359889000000 [email protected] 4444-4444-4444-4444

9. custid FirstNam e LastName PhoneNumbe r EmailAddress CreditcardNumber 1 Boris Hristov +359889000000 [email protected] xxxx-xxxx-xxxx-1111 2 Ivan Donev +359889000000 [email protected] xxxx-xxxx-xxxx-2222 3 Stanislav Zhelyaskov +359889000000 [email protected] xxxx-xxxx-xxxx-3333 4 Ivan Minchev +359889000000 [email protected] xxxx-xxxx-xxxx-4444 SELECT * FROM dbo.Customers

10. Dynamic Data Masking

11. DEMO Dynamic Data Masking

12. Row Level Security

13. “Have you ever…”

14. SELECT * FROM dbo.Orders orderid custid orderdate shipdate shipcountry 1 1 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria 2 1 4/20/2015 20:15:49 4/20/2015 20:15:49 Norway 3 2 4/20/2015 20:15:49 4/20/2015 20:15:49 Norway 4 2 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria 5 3 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria

15. SELECT * FROM dbo.Orders orderid custid orderdate shipdate shipcountry 1 1 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria 4 2 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria 5 3 4/20/2015 20:15:49 4/20/2015 20:15:49 Bulgaria

16. How is that possible?

17. “Ту партс!”

18. -- user defined function CREATE FUNCTION Security.fn_securitypredicate (@SalesRep AS sysname) RETURNS TABLE WITH SCHEMABINDING AS RETURN SELECT 1 AS fn_securitypredicate_result WHERE @SalesRep = USER_NAME() OR USER_NAME() = 'Manager'; -- security policy CREATE SECURITY POLICY SalesFilter ADD FILTER PREDICATE Security.fn_securitypredicate(SalesRep) ON dbo.Sales WITH (STATE = ON); No GUI, folks 

19. DEMO Row Level Security

20. Cool, huh?

21. Not that fast…

22. time coolness Session’s Timeline Dynamic Data Masking Row Level Security

23. DEMO Row Level Security Issues

24. So is that a security feature then?

25. Or is that a programmability feature?

26. Summary There’s a lot going on in SQL Azure DB Easily mask sensitive data with Dynamic Data Masking Limit the rows users can see with Row Level Security Be aware of the current issues of RLS

27. Upcoming events SQLSaturday #384 on May 30th in Varna! http://www.sqlsaturday.com/384/

28. Thank you! Contacts: [email protected] www.borishristov.com @BorisHristov

Securing SQL Azure DB? How?

Recommended

More Related Content

More from Boris Hristov (20)

Recently uploaded (20)

Securing SQL Azure DB? How?