I have implemented row level security in SQLServer in Person table (to meet GDPR requirements) so that a basic user can see only subset of personal records. The Person table has some data (RFID tag) that must be unique in the system. So my app checks that there is no duplicate RFIDtag.
How to do this check when RLS is on, because the query only sees a subset of rows, but the RFID must be globally unique ? What could be the best way to run this query with temporarily disabling RLS ?
My first idea is to use a stored function, to perform the check. The function executed as 'sa' user sa could see all rows. Any other (simpler) ideas ?
sa
inside the database.EXECUTE AS
is a solution here, but you're better off doing that as a specific user with only the permissions it needs (CREATE USER ... WITHOUT LOGIN
). – Jeroen MostertUNIQUE
index also take care of things? You can catch the duplicate error to present a more meaningful error message to the user. As a bonus, that would also be safer than a check-before-insert pattern. – Jeroen Mostert