Exam DP-203 topic 3 question 15 discussion

A and B

Respuesta A/C

Question is malformed. It does not indicate if all data resides in a single table or if each company has their own tables in the same database.

both needed for RLS

both are needed for RLS

ChatGPT 4o: To ensure that users from each company can view only the data of their respective company in an Azure Synapse Analytics dedicated SQL pool, you should include the following objects in your solution: A. a security policy C. a predicate function Security Policy (A): A security policy in Azure Synapse Analytics is used to define the conditions under which access to data is granted. This can include row-level security (RLS) policies that control access to rows in a table based on the characteristics of the user executing a query. Predicate Function (C): A predicate function is used in conjunction with a security policy to enforce row-level security. The predicate function specifies the logic that determines whether a given row should be visible to a particular user. This function is often written as an inline table-valued function that checks user-specific attributes, such as their company affiliation, against the data in the table.

A and C

Sec Policy & Predicate Function

Implement RLS by using the CREATE SECURITY POLICY Transact-SQL statement, and predicates created as inline table-valued functions therefore, answers are A and C https://learn.microsoft.com/en-us/sql/relational-databases/security/row-level-security?view=azure-sqldw-latest&preserve-view=true

Despite their different purposes, security policies and custom RBAC roles share some common elements: Both are designed to protect data from unauthorized access. Both can be used to define permissions for users or groups of users. Both can be managed by administrators.

AC - for sure

A and B

Chatgpt: If only two responses must be selected from the given options, based on the question asked, the two most relevant objects to ensure that users can view only the data of their respective company would be: A. **A security policy**: This would define the rules and conditions for data access based on company affiliation. B. **A custom role-based access control (RBAC) role**: This would allow for the assignment of specific access rights depending on the user's company. Even though a predicate function could be used as part of a security policy implementation, it is typically a component of such a policy, rather than a standalone object. Options D and E are related to encryption and are not directly used to control data views based on the user's company. Therefore, the two most appropriate answers, according to the question, would be A and B.

Answer is A & C. Although as many have indicated, the steps are • Create the users or groups you want to isolate access. • Create the inline table-valued function that will filter the results based on the predicate defined. • Create a security policy for the table, assigning the function created above The first step may look like "objects"/option B but option B says "A custom role-based access control (RBAC) role. In reality, you would want to create a domain table with companyId and RoleName and create one Role per companyId. (Or maybe a set of roles per companyId depending on what the requirements are). Then the predicate function would use the meta data driven companyIdRoleName table.

Based on this MS doc, A&C is the right answer https://learn.microsoft.com/en-us/sql/relational-databases/security/row-level-security?view=azure-sqldw-latest&preserve-view=true

Question says: "Which two objects should you include in the solution?". It seems that answers A, B and C should be part of the solution, so any combination of the 3 should be ok in terms of a valid answer. If the question would asked for "the sequence of the first 2 steps required to achieve the goal" then the answer would be B => C => A.

It's A & C