0

ways to restrict data

Is there a way to restrict data  at table level across schema.

say example.

i have 500 tables spread across 100 schemas, how do i limit the data for all tables across one shot.

i dont want to go to each table level and apply filter. can we create a session variable and use it inside table query? is that possible?

7replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • Unfortunately no. It is in our roadmap to support variables in extract SQL and we will make sure to get it out soon.

    Reply Like
  • @Ram -- are you talking  about applying security to the SQL that extracts data from your source systems like Amit addressed below?  Or are you talking about applying security to your 500 Incorta tables?  If the latter, keep in mind that your only have to define your security filters on the childmost tables.  The security will be carried over to the parent tables from there.

    Reply Like
    • Dan Brock i missed the update Dan, I m talking about source system only here.

      Reply Like
  • Dan Brock , can you elaborate more on this? I'm implementing RLS and CLS right now for a client, and they have direct SQL on top of schema views, extracting information at many different levels - essentially duplicating data through data wrangling.

    In essence, are you saying that if I apply CLS/RLS at the child most tables, that even the SQL applied to them in other schemas will have the same security filters applied?

    Reply Like
    • Ryan Daly Hi Ryan, for RLS if you apply your security rules at the childmost table level and your SQL query returns data from that childmost table then the logic of the security filter will apply to the child table and any parent (or grandparent, etc.) table that joins off of that child.  If you're just querying a parent table, and there is no security filter defined at that parent table per se, there will be no security filter employed.  

       

      How are you implementing CLS?

       

      Thanks,

      Dan

      Reply Like
    • Dan Brock Thanks Dan for the details, I'll look into further with that in mind.

      As for CLS, we're working to follow a similar approach presented by Ashwin where we mask the data, not necessarily restrict column visibility. We're running into issues with Session Variables not working as anticipated, and support has been very slow to respond to schedule a call to discuss.

      https://community.incorta.com/t/x1jknq/how-to-implement-column-level-security

       

      Regards,
      Ryan

      Reply Like
    • Hello Ryan Daly ,  we will update the support ticket with the meeting details for today as requested. Thanks

      Reply Like
Like Follow
  • 3 mths agoLast active
  • 7Replies
  • 74Views
  • 5 Following