Row and column access control (RCAC) rules

Row and column access control (RCAC) places access control at the table level, around the data itself. SQL rules created on rows and columns are the basis for implementing this capability.

Row and column access control is an access control model in which a security administrator manages privacy and security policies. RCAC rules grant all users access to the same table, rather than alternative views of a table. However, RCAC does restrict access to the table based on individual user permissions or rules as specified by a policy associated with the table. RCAC is based on two sets of rules. One set operates on rows (row permission) and the other set operates on columns (column mask).

Row permission
  • A row permission is a database object that expresses a row access control rule for a specific table.
  • A row access control rule is an SQL search condition that describes what set of rows a user has access to.
Column mask
  • A column mask is a database object that expresses a column access control rule for a specific column in a table.
  • A column access control rule is an SQL CASE expression that describes what column values a user is able to see and under what conditions.
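
The following is an added example, not taken from the original page, showing one row permission and one column mask on the same table. It assumes Db2 for Linux, UNIX and Windows syntax; the schema, table, column and role names (HR.EMPLOYEE, HR_STAFF, MANAGER) are hypothetical.

```sql
-- Run as the security administrator (SECADM in Db2). All names are hypothetical.
CREATE TABLE HR.EMPLOYEE (
  EMP_ID  INTEGER      NOT NULL PRIMARY KEY,
  USERID  VARCHAR(128) NOT NULL,   -- authorization ID of the employee
  DEPT    CHAR(3)      NOT NULL,
  SSN     CHAR(11)     NOT NULL,   -- stored as NNN-NN-NNNN
  SALARY  DECIMAL(9,2) NOT NULL
);

-- Row permission: an SQL search condition describing the rows a user can access.
-- HR_STAFF and MANAGER role members see all rows; everyone else sees only their own.
CREATE PERMISSION HR.EMP_ROW_ACCESS ON HR.EMPLOYEE
  FOR ROWS WHERE VERIFY_ROLE_FOR_USER(SESSION_USER, 'HR_STAFF', 'MANAGER') = 1
              OR USERID = SESSION_USER
  ENFORCED FOR ALL ACCESS
  ENABLE;

-- Column mask: an SQL CASE expression describing which value of SSN a user sees.
-- HR_STAFF and the row's owner see the real value; managers see the last four digits.
CREATE MASK HR.EMP_SSN_MASK ON HR.EMPLOYEE
  FOR COLUMN SSN RETURN
    CASE WHEN VERIFY_ROLE_FOR_USER(SESSION_USER, 'HR_STAFF') = 1 THEN SSN
         WHEN USERID = SESSION_USER                          THEN SSN
         ELSE 'XXX-XX-' || SUBSTR(SSN, 8, 4)
    END
  ENABLE;

-- The rules are not enforced until access control is activated on the table.
-- Once row access control is active, rows not covered by an enabled
-- permission are not returned to anyone.
ALTER TABLE HR.EMPLOYEE ACTIVATE ROW ACCESS CONTROL;
ALTER TABLE HR.EMPLOYEE ACTIVATE COLUMN ACCESS CONTROL;

-- Check: list the permissions ('R') and masks ('C') defined on the table
-- and confirm each one is enabled.
SELECT CONTROLNAME, CONTROLTYPE, ENABLE, IMPLICIT
  FROM SYSCAT.CONTROLS
 WHERE TABSCHEMA = 'HR' AND TABNAME = 'EMPLOYEE';
```

Every user then queries HR.EMPLOYEE directly with the same SELECT statement; the rows and SSN values returned differ according to the session user's roles, with no per-audience views to maintain.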