Using programmable objects for RLS protects sensitive data very well because users don't have direct access to the tables. However, the implementation of such a security might be very complex for existing applications that don't use stored procedures, and other programmable objects. This is why SQL Server 2016 and 2017 include predicate-based RLS. A DBA creates the security filters and policies. The new security policies are transparent to the application. RLS is available in the Standard, Enterprise, and Developer editions. There are two types of RLS security predicates:
- Filter predicates that silently filter the rows the application reads. For these predicates, no application change is needed. Note that, ...