To enforce RLS with a dynamic rule that restricts access to sales regions per user, what should you create?

Study for the Fabric Analytics Engineer Associate Test. Engage with interactive flashcards and multiple-choice questions complete with hints and explanations to solidify your understanding. Get thoroughly prepared for your certification exam!

Multiple Choice

To enforce RLS with a dynamic rule that restricts access to sales regions per user, what should you create?

Explanation:
Row-Level Security lets you filter data rows based on who is querying. To enforce access that varies by user (restricting sales regions per user), you need a mechanism that adapts to the identity of the person asking. An RLS role provides the per-row filtering capability, and a dynamic rule makes that filter depend on the current user’s identity. In practice, the dynamic rule uses the user’s login (or a mapped attribute) to determine which regions are allowed and then only returns rows matching those regions. This per-user mapping is what enables true regional access control, rather than a one-size-fits-all filter. Using an Object-Level Security role wouldn’t filter individual rows, only access to the object as a whole, so it wouldn’t enforce per-row regional restrictions. A static rule would apply the same filter to everyone, which fails to differentiate access by user. So combining a Row-Level Security role with a dynamic rule is the correct approach to achieve per-user region restrictions.

Row-Level Security lets you filter data rows based on who is querying. To enforce access that varies by user (restricting sales regions per user), you need a mechanism that adapts to the identity of the person asking. An RLS role provides the per-row filtering capability, and a dynamic rule makes that filter depend on the current user’s identity. In practice, the dynamic rule uses the user’s login (or a mapped attribute) to determine which regions are allowed and then only returns rows matching those regions. This per-user mapping is what enables true regional access control, rather than a one-size-fits-all filter.

Using an Object-Level Security role wouldn’t filter individual rows, only access to the object as a whole, so it wouldn’t enforce per-row regional restrictions. A static rule would apply the same filter to everyone, which fails to differentiate access by user. So combining a Row-Level Security role with a dynamic rule is the correct approach to achieve per-user region restrictions.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy