To enforce RLS with a dynamic rule that restricts access to sales regions per user, what should you create?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $25.99Unlock all

Prepare for the Fabric Analytics Engineer Associate Test with comprehensive materials. Explore flashcards, multiple choice questions, and detailed explanations. Get ready for your success!

Multiple Choice

To enforce RLS with a dynamic rule that restricts access to sales regions per user, what should you create?

Explanation:
Row-Level Security lets you filter data rows based on who is querying. To enforce access that varies by user (restricting sales regions per user), you need a mechanism that adapts to the identity of the person asking. An RLS role provides the per-row filtering capability, and a dynamic rule makes that filter depend on the current user’s identity. In practice, the dynamic rule uses the user’s login (or a mapped attribute) to determine which regions are allowed and then only returns rows matching those regions. This per-user mapping is what enables true regional access control, rather than a one-size-fits-all filter. Using an Object-Level Security role wouldn’t filter individual rows, only access to the object as a whole, so it wouldn’t enforce per-row regional restrictions. A static rule would apply the same filter to everyone, which fails to differentiate access by user. So combining a Row-Level Security role with a dynamic rule is the correct approach to achieve per-user region restrictions.

Row-Level Security lets you filter data rows based on who is querying. To enforce access that varies by user (restricting sales regions per user), you need a mechanism that adapts to the identity of the person asking. An RLS role provides the per-row filtering capability, and a dynamic rule makes that filter depend on the current user’s identity. In practice, the dynamic rule uses the user’s login (or a mapped attribute) to determine which regions are allowed and then only returns rows matching those regions. This per-user mapping is what enables true regional access control, rather than a one-size-fits-all filter.

Using an Object-Level Security role wouldn’t filter individual rows, only access to the object as a whole, so it wouldn’t enforce per-row regional restrictions. A static rule would apply the same filter to everyone, which fails to differentiate access by user. So combining a Row-Level Security role with a dynamic rule is the correct approach to achieve per-user region restrictions.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy