[IQUG] Possible to restrict user access to certain columns?

Børnes Alexander Fuentes alexander.bornes at lindorff.com
Tue Jan 30 05:57:19 MST 2018


As a part of our EU GDPR regulations compliance efforts we are investigating different ways to limit user access to sensitive data on database level, i.e. by limiting the users' access to certain table columns that contain sensitive data.

However, we have found no practical way of achieving this goal.

Creating views that contain only the allowed columns does not solve the problem because the user will have to be granted permissions on the table level. Thus, the users can access restricted data by querying the table directly instead of querying the view.

SELECT privileges may be granted at the column level instead of at table level. However, that is quite a cumbersome regime to maintain, especially since the error message generated if a column without select privileges is queried will be a generic table level permission error.

Materialized views could perhaps have resolved the issue but those are not supported by IQ.

The only resolution I see is combining SELECT privileges at column level with creation of views based on the permitted columns (so that select * may be applied without error message).

Does anybody have any other suggestions as to how to restrict users' access to explicit table columns?

With kind regards,
Alexander Børnes
DBA Data Warehouse
Direct: +47 24 16 20 49
Mobile: +47 45 00 22 52

Hoffsveien 70 B, PO Box 283 Skøyen, NO-0213 Oslo, Norway
Switchboard: +47 23 21 10 00

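The combination described in the message above (column-level SELECT plus a view over the permitted columns), written out as an added example that is not part of the original post. The owner dwh, the table customer, its columns and the user report_user are all hypothetical names chosen for illustration.

```sql
-- Added illustration; every object name here is hypothetical.
-- Constructed sample table: national_id and birth_date are the sensitive columns.
CREATE TABLE dwh.customer (
    customer_id  INTEGER      NOT NULL PRIMARY KEY,
    segment      VARCHAR(20)  NOT NULL,
    country      CHAR(2)      NOT NULL,
    national_id  VARCHAR(20)  NULL,   -- sensitive
    birth_date   DATE         NULL    -- sensitive
);

-- 1. Column-level SELECT on the base table: only the non-sensitive
--    columns are listed, so nothing else is readable by report_user.
GRANT SELECT (customer_id, segment, country)
    ON dwh.customer TO report_user;

-- 2. View over exactly the same column list, so that SELECT * has a
--    target that never touches an ungranted column.
CREATE VIEW dwh.customer_public AS
    SELECT customer_id, segment, country
    FROM dwh.customer;

GRANT SELECT ON dwh.customer_public TO report_user;

-- 3. Verification queries, to be run while connected as report_user.
-- Allowed: the view exposes only the permitted columns.
SELECT * FROM dwh.customer_public;
-- Allowed: explicit list of granted columns on the base table.
SELECT customer_id, country FROM dwh.customer;
-- Must be denied: national_id is not in the column grant.
SELECT national_id FROM dwh.customer;
-- Must be denied: * expands to include the ungranted columns.
SELECT * FROM dwh.customer;
```

The column list appears twice (in the GRANT and in the view), so any later schema change has to update both, and the two denied queries are worth keeping as a regression check after each change.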