Channel: SQL Server Label Security Toolkit
Updated Wiki: Documentation

A deep discussion on label security is available with the whitepaper: http://download.microsoft.com/download/8/8/0/880F282A-AA4E-4351-83C0-DFFA3B56A19E/SQL_Server_RLS-CLS_White_paper.docx

A security label is a piece of information that describes the sensitivity of a data item (an object). It is a string containing markings from one or more categories. Users (subjects) have permissions described with the same markings. Essentially, each subject has a label of its own. To determine access to a particular object, the subject’s label is compared against the label on the object.

The Label Security Toolkit contains tools and design guidance for implementing label-based row and cell level security with SQL Server 2005 and later.

Documentation

The following documentation is provided with the Label Security Toolkit.

• Using the Label Security Toolkit
• Database Developer’s Reference
• RLS/CLS Framework Design Whitepaper
• Readme files for each sample

To quickly get oriented with the toolkit and the Label Policy Designer, start with Using the Label Security Toolkit. The document introduces label-based access control, walks through the use of the Label Policy Designer, and explains how to configure your application data model to support row/cell level security.

The Database Developer’s Reference contains more detailed reference information on the database objects used to implement row and cell level security, as well as other in-depth topics.

The Framework Design Whitepaper is a backgrounder which explains the design on which the Label Security Toolkit is based. You do not need to read this to use the toolkit, but if you want to understand the internals, this is the place to look. This document will be available soon.

Label Policy Designer Tool

Use the Label Policy Designer Tool to implement the row/cell level security framework. It allows you to design a specific taxonomy of markings, and set the rules used to validate and compare labels. Based on this logical definition, the tool will create the framework in a target database (or generate a deployment script).

The tool can also be used for basic maintenance/administration of an existing label policy, including adding/removing valid markings and removing the label policy from a database.

Samples

Included with the toolkit are several samples demonstrating implementation of RLS/CLS databases. These are an important companion to the documentation for understanding the details of using row- or cell-level security. These examples include:
  • Applying label policies to a target database
  • Creating application tables and views
  • Using updateable views to handle write operations
  • Writing instead-of triggers to handle write operations
  • Writing custom code against a database with row/cell level security

Permissions

The Label Policy Designer requires full database owner rights on the target database. It should be used only by administrators with clearance to data stored in these databases. As an alternative, the tool can be used to set up the label policy(s) before sensitive data is added to the database, and then the administrator’s rights can be reduced. In any case, other routine administrative work such as taking backups or administering user permissions can be performed with lesser privileges that do not require full database access.


Updated Wiki: Home

Project Description
The Label Security Toolkit provides tools and techniques for using Microsoft® SQL Server (versions 2005 through 2008 R2) to implement row-level security (RLS) and cell-level security (CLS) based on security labels.

The major components of the Toolkit are:

• The Label Policy Designer application
• Documentation
• Examples showing the implementation of row- and cell-level security in different scenarios


The toolkit complements the whitepaper: http://download.microsoft.com/download/8/8/0/880F282A-AA4E-4351-83C0-DFFA3B56A19E/SQL_Server_RLS-CLS_White_paper.docx.

For more information about securing SQL Server, visit http://www.microsoft.com/sqlserver/en/us/solutions-technologies/mission-critical-operations/security-and-compliance.aspx

Source code checked in, #68011

Source code checked in, #68012

Released: SQL Server Label Security Toolkit 1.0 (Jul 03, 2011)

SQL Server Label Security Toolkit installer.

Updated Release: SQL Server Label Security Toolkit 1.0 (Jul 03, 2011)

SQL Server Label Security Toolkit installer.

New Comment on "Documentation"

The 'A deep discussion on label security is available with the whitepaper' link above doesn't work ( SQL_Server_RLS-CLS_White_paper.docx ). Can someone please post a working link to it as all of my Googled results just point to the same URL

New Comment on "Documentation"

http://sqlmaster.nl/index.php?option=com_docman&task=cat_view&gid=11&limit=5&limitstart=25&order=name&dir=DESC&Itemid=5

Source code checked in, #74701

Created Release: SQL Server Label Security Toolkit 2.0 (Mar 03, 2012)

SQL Server Label Security Toolkit installer.

Updated Release: SQL Server Label Security Toolkit 2.0 (Mar 03, 2012)

SQL Server Label Security Toolkit installer.

Released: SQL Server Label Security Toolkit 2.0 (Mar 03, 2012)

SQL Server Label Security Toolkit installer.

Updated Wiki: Home

Project Description
The Label Security Toolkit provides tools and techniques for using Microsoft® SQL Server (versions 2005 through 2008 R2) to implement row-level security (RLS) and cell-level security (CLS) based on security labels.

The major components of the Toolkit are:

• The Label Policy Designer application
• Documentation
• Examples showing the implementation of row- and cell-level security in different scenarios


The toolkit complements the whitepaper: http://download.microsoft.com/download/8/8/0/880F282A-AA4E-4351-83C0-DFFA3B56A19E/SQL_Server_2012_RLS_and_CLS_White_Paper_January2012.docx.

For more information about securing SQL Server, visit http://www.microsoft.com/sqlserver/en/us/solutions-technologies/mission-critical-operations/security-and-compliance.aspx

New Post: Label security for multi-tenant hierarchy?


Hi,

We're looking at possible solutions to provide some sort of hierarchical multi tenancy.

I'm starting to realise that this isn't a pure multi-tenancy problem, as my research generally shows that multi tenancy is more around creating complete segmentation between tenants - whereas we need this to act in a hierarchy... so perhaps this could be more thought of as a row level access problem?

For example, people within a unit at the top of the hierarchy can see data below them.

But also people within a unit at the top can create data which they can give read access to people below them in the hierarchy.

It seems unwise to come up with our own architecture for this problem when if we apply our problem to the labelling concept.

However, this sort of labelling seems appropriate when there is a controllable number of predefined "markings" (I think I've got the right terminology), but would this scale well when applied to business units where there would be hundreds with a large depth?

-thanks for your help

Alex.

 

New Post: Adding a new Category post go live


Hi

If we need to add a new category after the system has gone live, what is the recommended way to do this? I can't see any function that enables this and I imagine that adding a new record in the category table isn't enough due to references in views/functions/sp's.

Is the only way to maintain this through the Designer? This will involve dropping everything in the target security database and then running the "Apply" process. Correct me if I'm wrong here.

Many Thanks.

Rahil

New Post: Label security for multi-tenant hierarchy?


Hi Alex,

Please take a look at www.techcello.com.  We have implemented multi-tenant hierarchy and expose it as API.  Ours is a platform built on top of .NET.  So, if you would like to build an application involving tenant hierarchy, you can easily consume our APIs and build your business application quickly.

Few of the use cases:

- Distributor/dealer kind of business applications.  An enterprise has multiple distributors (at top level) in different countries/cities and they have sub-dealers to reach out to end customers.  If you are trying to build an inventory system or customer relationship system or billing system for this kind of setup, it can quite become tricky with privileges and data access. 

- Loyalty management system for a chain of stores: Imagine an ISV trying to build a loyalty management system providing services for multiple brands and multiple stores. You need to have some kind of tenant hierarchy between stores.

Thank you.

info@techcello.com

 

Source code checked in, #79961

Source code checked in, #79962

Upgrade: New Version of LabDefaultTemplate.xaml. To upgrade your build definitions, please visit the following link: http://go.microsoft.com/fwlink/?LinkId=254563