# Demo: Using Column-level Security (M04\_L04\_Demo3)

**<span style="color:black;mso-color-alt:windowtext">Objective<i>:&nbsp; </i></span>** <span style="color:black;
mso-color-alt:windowtext">The goal of this demo is to demonstrate how to implement Column Level Security in Azure Synapse SQL Pool.&nbsp;&nbsp;</span>

In [48]:
--1. Create a test user

CREATE USER TestUser WITHOUT LOGIN; 


In [49]:
--2. Create Test Table

CREATE TABLE TableOLS
  (  
   UserID INT,  
	Firstname VARCHAR(40),
	Lastname VARCHAR(40),
	Username VARCHAR(40), 
   Salary INT)  
WITH   
  (   
    DISTRIBUTION = HASH ( UserID ),  
    CLUSTERED COLUMNSTORE INDEX
  )  
;


In [50]:
-- Read ALL data, ALL columns

SELECT * FROM dbo.TableOLS;  

UserID,Firstname,Lastname,Username,Salary


In [51]:
--2. Specify which columns are accessible for query

GRANT SELECT ON dbo.TableOLS
	([Firstname], [Lastname], [Username]) 
	TO TestUser;


In [52]:
--3. Execute a SELECT query as the user created previously

EXECUTE AS USER = 'TestUser';    
SELECT  UserID,  --Permission to this column has not been granted
        Firstname, 
        Lastname, 
        Username 
FROM dbo.TableOLS;


: Msg 230, Level 14, State 1, Line 1
The SELECT permission was denied on the column 'UserID' of the object 'TableOLS', database 'wsplussynapsepool1', schema 'dbo'.

In [54]:
--4. Select subset columns 

EXECUTE AS USER = 'TestUser';   
SELECT FirstName, LastName, Username
FROM dbo.TableOLS



: Msg 230, Level 14, State 1, Line 1
The SELECT permission was denied on the column 'UserID' of the object 'TableOLS', database 'wsplussynapsepool1', schema 'dbo'.
The SELECT permission was denied on the column 'Salary' of the object 'TableOLS', database 'wsplussynapsepool1', schema 'dbo'.

In [55]:
EXECUTE AS USER = 'TestUser';   
SELECT *
FROM dbo.TableOLS

: Msg 230, Level 14, State 1, Line 1
The SELECT permission was denied on the column 'UserID' of the object 'TableOLS', database 'wsplussynapsepool1', schema 'dbo'.
The SELECT permission was denied on the column 'Salary' of the object 'TableOLS', database 'wsplussynapsepool1', schema 'dbo'.

In [59]:
--5. Manual Cleanup

REVERT
GO
DROP TABLE TableOLS;
DROP USER TestUser;

