I have a table that contains about six million records. Each record contains some sensitive data or data that be accessible by the public. What would be the best method to allow access to the table, yet block the access to the sensitive columns (i.e., name, address, etc.)?
There are basically three methods that you can use. Each solution has its pros and cons:
- Issue grants on the column level. It provides what you need but is not so easily managed. (Try using the GUI, for example, to implement column-level permissions.)
- Create a view on the table for each group that includes just the columns that the group should be able to access. Grant rights on the view instead of the table. This is a very reasonable approach.
- Create a stored procedure that returns the relevant fields for each group. The problem with this approach is that they must access the information via the stored procedure and cannot create their own ad-hoc queries. However, the benefit to this approach is the tight control it gives you. Using this approach, it is even possible to create an audit log of anyone retrieving sensitive information, which you cannot do on the back-end using any of the other methods.