Azure SQL - Row Level Security (RLS) Using O365 Groups

%3CLINGO-SUB%20id%3D%22lingo-sub-1692136%22%20slang%3D%22en-US%22%3EAzure%20SQL%20-%20Row%20Level%20Security%20(RLS)%20Using%20O365%20Groups%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1692136%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20it%20possible%20to%20set%20Row%20Level%20Security%20using%20O365%20Groups%20in%20an%20Azure%20SQL%20database%20table%3F%3CBR%20%2F%3E%3CBR%20%2F%3EI%20have%20a%20task%20table%20with%20an%20%22Assigned%20To%22%20(assignedTo)%20column%20(varchar%20-%20255).%20It%20stores%20the%20email%20address%20of%20an%20employee%20OR%20o365%20Group.%20I%20need%20to%20use%20that%20value%20to%20set%20Row%20Level%20Security%20for%20the%20row.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1692136%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
New Contributor

Is it possible to set Row Level Security using O365 Groups in an Azure SQL database table?

I have a task table with an "Assigned To" (assignedTo) column (varchar - 255). It stores the email address of an employee OR o365 Group. I need to use that value to set Row Level Security for the row.

1 Reply

@zshane15 , O365 works with Azure Active Directory, so, why not?

At first, you need to connect your Azure SQL Server instance to AAD following this topic: https://docs.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-configure?tabs=azure-po... 

Creating a dynamic group in AAD would be a good idea: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-create-rule

Once done, one or more users (or a group) as a member to custom or builtin database roles with the specific permissions appropriate to that group of users. Implement your RLS.