Microsoft Azure Data Engineer Associate - DP-203

Get started today

Ultimate access to all questions.

Explanation:

Detailed Explanation

Column-Level Security (Option A)

Optimal Choice: Column-level security is specifically designed to restrict access to specific columns in a table based on user or group permissions. In Azure Synapse Analytics dedicated SQL pools, you can implement column-level security using GRANT and DENY permissions on individual columns.
Implementation: You would create a security policy that denies SELECT permissions on the email address column for the specific user group while allowing access to other columns.
Why It Works: This approach directly addresses the requirement by preventing the specified group from reading email addresses while maintaining their access to other data in the table.

Why Other Options Are Less Suitable

Row-Level Security (RLS) - Option B

RLS filters rows based on user context but does not restrict access to specific columns. It operates at the row level, not the column level.
Limitation: Even with RLS implemented, users who can access rows would still be able to see all columns in those rows, including email addresses.

Transparent Data Encryption (TDE) - Option C

TDE provides encryption for data at rest but does not control access to specific columns during query execution.
Limitation: Authorized users with proper permissions can still read decrypted data, including email addresses, when querying the table.

Dynamic Data Masking - Option D

Dynamic data masking obscures sensitive data in query results but does not prevent access to the actual data.
Limitation: While it masks the display of email addresses, users with sufficient privileges can still access the unmasked data through other means or by bypassing the masking rules.

Best Practice Considerations

Column-level security provides the most granular control for column-specific access restrictions in Azure Synapse Analytics.
This approach aligns with the principle of least privilege by granting users only the access they need to perform their duties.
Column-level security policies are enforced at the database engine level, providing robust protection regardless of the application or tool used to access the data.

Explanation:

Detailed Explanation

Column-Level Security (Option A)

Optimal Choice: Column-level security is specifically designed to restrict access to specific columns in a table based on user or group permissions. In Azure Synapse Analytics dedicated SQL pools, you can implement column-level security using GRANT and DENY permissions on individual columns.
Implementation: You would create a security policy that denies SELECT permissions on the email address column for the specific user group while allowing access to other columns.
Why It Works: This approach directly addresses the requirement by preventing the specified group from reading email addresses while maintaining their access to other data in the table.

Why Other Options Are Less Suitable

Row-Level Security (RLS) - Option B

RLS filters rows based on user context but does not restrict access to specific columns. It operates at the row level, not the column level.
Limitation: Even with RLS implemented, users who can access rows would still be able to see all columns in those rows, including email addresses.

Transparent Data Encryption (TDE) - Option C

TDE provides encryption for data at rest but does not control access to specific columns during query execution.
Limitation: Authorized users with proper permissions can still read decrypted data, including email addresses, when querying the table.

Dynamic Data Masking - Option D

Dynamic data masking obscures sensitive data in query results but does not prevent access to the actual data.
Limitation: While it masks the display of email addresses, users with sufficient privileges can still access the unmasked data through other means or by bypassing the masking rules.

Best Practice Considerations

Column-level security provides the most granular control for column-specific access restrictions in Azure Synapse Analytics.
This approach aligns with the principle of least privilege by granting users only the access they need to perform their duties.
Column-level security policies are enforced at the database engine level, providing robust protection regardless of the application or tool used to access the data.

Comments (0)

No comments yet.

You have an Azure Synapse Analytics dedicated SQL pool containing a table named dbo.Users. You need to prevent a specific group of users from being able to read the email addresses from the dbo.Users table.

What should you use?

Exam-Like

Last updated: May 3, 2026 at 14:02

column-level security

row-level security (RLS)

Transparent Data Encryption (TOE)

dynamic data masking

Microsoft Azure Data Engineer Associate - DP-203

Get started today

Detailed Explanation

Column-Level Security (Option A)

Why Other Options Are Less Suitable

Row-Level Security (RLS) - Option B

Transparent Data Encryption (TDE) - Option C

Dynamic Data Masking - Option D

Best Practice Considerations

Detailed Explanation

Column-Level Security (Option A)

Why Other Options Are Less Suitable

Row-Level Security (RLS) - Option B

Transparent Data Encryption (TDE) - Option C

Dynamic Data Masking - Option D

Best Practice Considerations

Comments (0)

Get started today

You have an Azure Synapse Analytics dedicated SQL pool containing a table named dbo.Users. You need to prevent a specific group of users from being able to read the email addresses from the dbo.Users table. What should you use?

Comments (0)

You have an Azure Synapse Analytics dedicated SQL pool containing a table named dbo.Users. You need to prevent a specific group of users from being able to read the email addresses from the dbo.Users table.

What should you use?