This feature is new, starting from version SQL Server 2016. Row-level security was a security challenge for a long time. It was implemented through different sets of add-ons and tools. However, this is now built into the database engine and SQL language. Imagine this scenario: a sales person has read permission on the Sales
table, but you want each sales person to only see their own sales records, and the manager should see all the records. If you look at this problem through the classic user-permission chain, it is impossible to implement it. However, the row-level security feature makes it possible.
Let's see how it works:
1> USE Sandbox2> GO--Create three users without logins1> CREATE USER Manager WITHOUT LOGIN;2> CREATE USER Sales1 WITHOUT LOGIN;3> CREATE USER Sales2 WITHOUT LOGIN;4> GO -- Create Sales table1> CREATE TABLE Sales(2> OrderID int,3> SalesRep sysname,4> Product varchar(10),5> Qty int )6> GO-- Add some sample data1>...