Row-Level Security, or RLS, refers to the practice of controlling access to data in a database by row, so that users are only able to access the data they are authorized for. This contrasts with database-level or table-level security which controls access to entire databases or tables, respectively.
There are many advantages to implementing data security at the row level, instead of at higher levels. The most obvious is that you can then store data that has different security requirements in the same databases or tables, instead of segregating that data into separate databases or tables. This helps organizations reduce the complexity of their data storage, which yields benefits both in the time it takes to design and maintain systems, as well as the cost of the systems required to host that data. In this way row-level security is a type of logical segregation of data. You can read more about the types of data segregation in our blog post on data segregation.
Row-level security requires that an organization’s data security solution is aware of enough context to correctly evaluate and enforce data access policies at the row or record level. This is best accomplished by having Attribute-Based Access Control (ABAC) policies that dynamically evaluate the attributes of the data being accessed and the user requesting access, so that an access decision can be made for each individual record included in the data access request. By making the data access decision for each row, records that a user should not have access to can be excluded from the results returned by a query, or in the display of records from a table. By excluding the records from the data set available to user, the chances of data being accessed by those unauthorized to view are reduced.
Visit our product technology page to find out more about NextLabs products and how Row-Level Security is used by organizations to protect their sensitive data.