Row-level access control enables the database owner or table owner to create a secure data access environment automatically, by providing:
More granular data security: you can set permissions for individual rows, not just tables and columns
Automatic data filtering according to group, role, and application
Data-level security encoded in the server
Row-level access control restricts access to data in a table’s individual rows, through three features:
Access rules that the database owner defines and binds to the table
Application Context Facility, which provides built-in functions that define, store, and retrieve user-defined contexts
Login triggers that the database owner, sa_role, or the user can create
Adaptive Server enforces row-level access control for all data manipulation languages (DMLs), preventing users from bypassing the access control to get to the data.
The syntax for configuring your system for row-level access control is:
sp_configure "enable row level access", 1
This option slightly increases the amount of memory Adaptive Server uses, and you need an ASE_RLAC license option. Row-level access control is a dynamic option, so you need not restart Adaptive Server.
Row-level access can also be granted using a where clause on the grant statement. Use this method of row-level access control if your privacy policy depends on data in other tables or on the full expression of SQL through a subquery. See “Granting Predicated Privileges”.
