# Lab: RLS/CLM using Databricks

In [0]:
%run "../00 Setup/00_Config"

## 1. How to apply row level filters to a table

In [0]:
-- Select all unique issue categories from the customer service data table
select distinct issue_category from cust_service_data

In [0]:
-- Drop the issue_filter function if it already exists
DROP FUNCTION IF EXISTS issue_filter;

-- Create a row filter function to restrict access based on user group and issue category
CREATE FUNCTION issue_filter(issue_category STRING)
RETURN IF(IS_ACCOUNT_GROUP_MEMBER('admin'), true, issue_category ='Technical Support');

In [0]:
-- Apply the issue_filter row filter function to restrict access to rows based on user group and issue category
ALTER TABLE cust_service_data SET ROW FILTER issue_filter ON (issue_category);

-- Uncomment the following line to remove the row filter from the table
--ALTER TABLE cust_service_data DROP ROW FILTER;

In [0]:
-- Select all unique issue categories from the customer service data table afer row level security is applied
select distinct issue_category from cust_service_data

## 2. How to apply column level masking

In [0]:
-- Select all columns from the survey table
select * from survey

In [0]:
-- Drop the surveycomment_mask function if it already exists
DROP FUNCTION IF EXISTS surveycomment_mask;

-- Create a column mask function to restrict access to survey_comment based on user group
CREATE FUNCTION surveycomment_mask(survey_comment STRING)
  RETURN CASE WHEN is_account_group_member('admin') THEN survey_comment ELSE '***' END;

In [0]:
-- Apply the surveycomment_mask column mask function to restrict access to survey_comment based on user group
ALTER TABLE survey ALTER COLUMN survey_comment SET MASK surveycomment_mask;

-- Uncomment the following line to remove the column mask from survey_comment
--ALTER TABLE survey ALTER COLUMN survey_comment DROP MASK;

In [0]:
-- Select all columns from the survey table after column level security is applied
select * from survey