mirror of
https://github.com/Microsoft/sql-server-samples.git
synced 2025-12-08 14:58:54 +00:00
57 lines
2.9 KiB
Transact-SQL
57 lines
2.9 KiB
Transact-SQL
-- Demonstrate Dynamic Data Masking
|
||
--
|
||
-- Make sure to connect using a privileged user such as the database owner or sysadmin
|
||
|
||
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'GreatLakesUser')
|
||
BEGIN
|
||
CREATE LOGIN GreatLakesUser
|
||
WITH PASSWORD = N'SQLRocks!00',
|
||
CHECK_POLICY = OFF,
|
||
CHECK_EXPIRATION = OFF,
|
||
DEFAULT_DATABASE = WideWorldImporters;
|
||
END;
|
||
GO
|
||
|
||
USE WideWorldImporters;
|
||
GO
|
||
|
||
IF NOT EXISTS(SELECT * FROM sys.database_principals WHERE name = N'GreatLakesUser')
|
||
BEGIN
|
||
CREATE USER GreatLakesUser FOR LOGIN GreatLakesUser;
|
||
END;
|
||
GO
|
||
|
||
ALTER ROLE [Great Lakes Sales] ADD MEMBER GreatLakesUser;
|
||
GO
|
||
|
||
-- grant SELECT rights to role principal
|
||
GRANT SELECT ON Purchasing.Suppliers TO [Great Lakes Sales];
|
||
GO
|
||
|
||
-- select with current UNMASK rights (NOTE row count and data values), assuming you are connected using a privileged user
|
||
SELECT SupplierID, SupplierName, BankAccountName, BankAccountBranch, BankAccountCode, BankAccountNumber FROM Purchasing.Suppliers;
|
||
|
||
-- impersonate the user GreatLakesUser
|
||
EXECUTE AS USER = 'GreatLakesUser';
|
||
GO
|
||
|
||
-- select with impersonated MASKED rights (NOTE row count and data values)
|
||
SELECT SupplierID, SupplierName, BankAccountName, BankAccountBranch, BankAccountCode, BankAccountNumber FROM Purchasing.Suppliers;
|
||
GO
|
||
|
||
REVERT;
|
||
GO
|
||
|
||
-- Clean-up (optional)
|
||
/*
|
||
REVOKE SELECT ON Purchasing.Suppliers TO [Great Lakes Sales];
|
||
GO
|
||
|
||
DROP USER GreatLakesUser;
|
||
GO
|
||
|
||
DROP LOGIN GreatLakesUser;
|
||
GO
|
||
|
||
*/
|