5 Reasons Why Row-Level Security is Wrong for Your Data Warehouse

By CIOReview | Wednesday, November 3, 2021

FREMONT, CA: Row-level security is a development of user-level security in which the visibility of distinct database rows or records is determined by the level of access granted to specific users or user groups. For example, based on their job role, basic users may only have view-level access to particular records in a database. In contrast, database administrators can view and change all records in the database. Row-level security has been implemented into the offerings of major public cloud providers such as Google Cloud Platform, Amazon Web Services, and Microsoft Azure.

But is row-level security the best approach to protecting the data? Below are three reasons why row-level security cannot solve data warehouse security problems and may even put businesses at risk.

Single Point of Failure

Row-level security is especially troubling since it may have only one point of failure: the data warehouse administrator's account, which has access to all of the database's critical data. There would be no recourse if an attacker gained access to the administrator's account (for example, through a breach in the account credentials)—the attacker might examine and exfiltrate the entire data warehouse before anything could be done to stop it.

Prone to Mistakes

Organizations should, ideally, employ several data security solutions, giving them a Plan B (and Plan C, and Plan D) to fall back on if the first safeguards are breached. Regrettably, row-level security does not provide this level of protection. If a database administrator makes even a single configuration error when setting up row-level security (or when modifying configurations for new data), sensitive data in the data warehouse could be irreversibly exposed to an unauthorized user.
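
The single configuration error and the administrator bypass described above, shown as an added example that is not part of the original article. It assumes PostgreSQL syntax (the article names no specific engine), and the table, roles and policy names are hypothetical.

```sql
-- Constructed schema: table, column and role names are hypothetical.
CREATE TABLE sales (
    id     bigint  PRIMARY KEY,
    region text    NOT NULL,
    amount numeric NOT NULL
);
CREATE ROLE analyst_emea NOLOGIN;
GRANT SELECT ON sales TO analyst_emea;

ALTER TABLE sales ENABLE ROW LEVEL SECURITY;

-- Intended rule: EMEA analysts see only EMEA rows.
CREATE POLICY emea_only ON sales
    FOR SELECT TO analyst_emea
    USING (region = 'EMEA');

-- The single mistake: a catch-all policy added later for new data.
-- Permissive policies are combined with OR, so this one silently
-- widens emea_only and every row becomes visible to every grantee.
CREATE POLICY new_rows ON sales
    FOR SELECT TO PUBLIC
    USING (true);

-- Correction: drop the catch-all and state the hard limit as a
-- RESTRICTIVE policy, which is ANDed with the permissive ones, so a
-- later permissive policy can no longer widen access for this role.
DROP POLICY new_rows ON sales;
CREATE POLICY emea_guard ON sales
    AS RESTRICTIVE FOR SELECT TO analyst_emea
    USING (region = 'EMEA');

-- The table owner skips policies unless this is set.
ALTER TABLE sales FORCE ROW LEVEL SECURITY;

-- Review query 1: policies whose row filter is unconditionally true.
SELECT schemaname, tablename, policyname, permissive, roles
FROM pg_policies
WHERE qual = 'true';

-- Review query 2: tables where RLS is off or not forced on the owner.
SELECT relname, relrowsecurity, relforcerowsecurity
FROM pg_class
WHERE relkind = 'r'
  AND relnamespace = 'public'::regnamespace
  AND NOT (relrowsecurity AND relforcerowsecurity);

-- Review query 3: accounts that bypass every policy regardless.
SELECT rolname FROM pg_roles WHERE rolsuper OR rolbypassrls;
```

The accounts returned by the last query are the single point of failure: no policy applies to them, so they need separate controls such as strong authentication and audit logging.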

Brittle Security Configuration

Row-level security may appear to be a step up from user-level and share-level protection, but it comes with its own set of drawbacks. Trying to correctly manage row-level security for all of the users and user groups as the size of the database grows will become an increasingly time-consuming and error-prone operation. To put it another way, row-level security is brittle: it is difficult to scale as one collects more data in the data warehouse or the number of users grows.