To comply with various government regulations and industry standards from countries around the world, organizations need to implement procedures and methods to ensure that information is adequately protected. These regulations and standards stipulate that an individual is allowed access only to the subset of that information that is needed to perform their job. For example, according to the US Health Insurance Portability and Accountability Act (HIPAA), a doctor is authorized to view the medical records of their own patients but not the records of other patients. Similarly, according to the Payment Card Industry Data Security Standard (PCI DSS), access to cardholder data such as the credit card number must be restricted by business need-to-know. For information stored in relational databases, the ability to control data access at the row and column levels satisfies this requirement.
This paper starts by reviewing traditional methods for tackling the row and column access control problem and introduces the new row permission and column mask concepts as an elegant and more effective alternative to the traditional methods. After that, new permission and mask dependencies are discussed along with the introduction of secure functions and secure triggers. A usage scenario illustrates how to use row permissions and column masks to meet required access controls. Lastly, this paper provides you with a set of best practices to follow when using row permissions and column masks. Download the report to get started!