DP 203 Row Level Security and DDM

Hemantbharti Vishnubharti Gosai 0 Reputation points
2024-08-18T02:06:46.62+00:00

Hi Team,

I am currently preparing for the DP-203 exam and practicing with the Practice Assessment on Microsoft Learning. I encountered a question (see the screenshot below) where the system indicated the answer was incorrect. However, when I checked with ChatGPT, it suggested that Row-Level Security (RLS) is the correct answer and provided a detailed explanation.

Could someone please review the question and confirm the correct answer?

ChatGPT:

The best option to limit sensitive data exposure to non-privileged users while allowing the ability to grant and revoke access to the data is:

Row-Level Security (RLS)

Explanation:

- Row-Level Security (RLS) allows you to control access to rows in a database table based on the characteristics of the user executing a query. This means you can grant or revoke access to specific rows of data for non-privileged users, making it an effective solution for limiting exposure.

The other options are more suited for different purposes:

-Always Encrypted: Protects sensitive data from being exposed in plain text but doesn't manage access at a user level.

-Dynamic Data Masking: Masks sensitive data but doesn't prevent access; it just hides the data from non-privileged users.

-Transparent Data Encryption (TDE): Encrypts the entire database but doesn't manage user access at the row level.

DP203_wrong questions

Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,857 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Bhargava-MSFT 30,741 Reputation points Microsoft Employee
    2024-08-19T21:19:23.41+00:00

    Hello Hemantbharti Vishnubharti Gosai,

    Welcome to the Microsoft Q&A forum.

    The Chat GPT answer is incorrect. Dynamic Data Masking is the correct answer.

    Dynamic Data Masking is a feature that can be used to limit sensitive data exposure by masking it to non-privileged users. It allows you to define masking rules that are used to hide sensitive data in query results. This feature can be used to implement fine-grained access control policies.

    For example, you can use Dynamic Data Masking to mask the first 12 digits of a credit card number, so that only the last 4 digits are visible to non-privileged users. This can help prevent unauthorized access to sensitive data, while still allowing authorized users to view the data they need.

    on the other hand, Row level security is also a powerful feature that can be used to implement fine-grained access control policies, but it is used to filter data rows that users are authorized to access, rather than masking sensitive data.

    User's image

    I hope this answers your question.

    You can see the below official document

    https://learn.microsoft.com/en-us/sql/relational-databases/security/dynamic-data-masking?view=sql-server-ver16

    https://learn.microsoft.com/en-us/sql/relational-databases/security/row-level-security?view=sql-server-ver16

    If this answers your question, please consider accepting the answer by hitting the Accept answer and up-vote as it helps the community look for answers to similar questions.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.