Answer: a security policy, a predicate function

To ensure users from each company can only view their own company's data in an Azure Synapse Analytics dedicated SQL pool, the correct approach is to implement Row-Level Security (RLS). RLS requires two key components: **A. A security policy** - This is the main object that defines and enforces row-level security on a table. The security policy specifies which predicate function will be used to filter rows based on user context. **C. A predicate function** - This is an inline table-valued function that contains the logic to determine which rows should be visible to each user. The function typically compares user attributes (like company affiliation) with data in the table columns to filter results appropriately. **Why these options are optimal:** - Together, these two objects form the complete implementation of Row-Level Security in Azure Synapse Analytics - The security policy binds the predicate function to specific tables - The predicate function contains the actual filtering logic based on user context - This approach is Microsoft's recommended pattern for multi-tenant data isolation scenarios **Why other options are less suitable:** - **B. A custom RBAC role** - While RBAC controls access to Azure resources, it operates at the workspace or database level, not at the row level within tables. RBAC cannot filter specific rows within a table based on data content. - **D. A column encryption key** - This is used for data encryption, not for row-level access control based on company affiliation. - **E. Asymmetric keys** - These are used for encryption and digital signatures, not for row-level data filtering. The security policy and predicate function combination provides granular, data-driven access control that automatically filters rows based on user context, making it the ideal solution for multi-company data isolation requirements.

Author: LeetQuiz Editorial Team