Row and column access control (RCAC) rules

Row and column access control (RCAC) places access control at the table level around the data itself. SQL rules created on rows and columns are the basis for implementing this capability.

Row and column access control is an access control model in which a security administrator manages privacy and security policies. RCAC permits all users to access the same table, as opposed to alternative views of a table. RCAC does, however, restrict access to the table based on individual user permissions or rules as specified by a policy associated with the table. There are two sets of rules: one set operates on rows, and the other on columns.

  • Row permission
    • A row permission is a database object that expresses a row access control rule for a specific table.
    • A row access control rule is an SQL search condition that describes what set of rows a user has access to.
  • Column mask
    • A column mask is a database object that expresses a column access control rule for a specific column in a table.
    • A column access control rule is an SQL CASE expression that describes what column values a user is permitted to see and under what conditions.
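
The two rule types above, shown as an added example that is not part of the original page: row permissions written as search conditions and a column mask written as a CASE expression. It assumes Db2 for LUW syntax; the HR schema, EMPLOYEE table, role names and object names are hypothetical.

```sql
-- Hypothetical roles and table, constructed for this example.
CREATE ROLE manager;
CREATE ROLE hr;

CREATE TABLE hr.employee (
  emp_id   INTEGER      NOT NULL PRIMARY KEY,
  name     VARCHAR(64)  NOT NULL,
  manager  VARCHAR(128) NOT NULL,   -- authorization ID of the employee's manager
  salary   DECIMAL(9,2) NOT NULL,
  ssn      CHAR(11)     NOT NULL    -- stored as NNN-NN-NNNN
);

-- Row permission: the rule is an SQL search condition.
-- Managers see only the rows of their own reports.
CREATE PERMISSION hr.emp_rows_manager ON hr.employee
  FOR ROWS WHERE VERIFY_ROLE_FOR_USER(SESSION_USER, 'MANAGER') = 1
             AND manager = SESSION_USER
  ENFORCED FOR ALL ACCESS
  ENABLE;

-- Second row permission: HR staff see every row.
-- Enabled permissions on the same table are combined with OR.
CREATE PERMISSION hr.emp_rows_hr ON hr.employee
  FOR ROWS WHERE VERIFY_ROLE_FOR_USER(SESSION_USER, 'HR') = 1
  ENFORCED FOR ALL ACCESS
  ENABLE;

-- Column mask: the rule is an SQL CASE expression.
-- HR sees the full value; everyone else sees the last four digits.
CREATE MASK hr.emp_ssn_mask ON hr.employee
  FOR COLUMN ssn RETURN
    CASE WHEN VERIFY_ROLE_FOR_USER(SESSION_USER, 'HR') = 1
         THEN ssn
         ELSE 'XXX-XX-' || SUBSTR(ssn, 8, 4)
    END
  ENABLE;

-- The rules are not enforced until access control is activated on the table.
-- After row access control is activated, a user who matches no enabled
-- permission gets zero rows (an implicit default permission denies access).
ALTER TABLE hr.employee ACTIVATE ROW ACCESS CONTROL;
ALTER TABLE hr.employee ACTIVATE COLUMN ACCESS CONTROL;

-- Check: list the permissions (R) and masks (C) defined on the table.
SELECT controlname, controltype, enable
  FROM syscat.controls
 WHERE tabschema = 'HR' AND tabname = 'EMPLOYEE';
```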