Answer: column-level security

## Detailed Explanation ### Recommended Solution: Column-Level Security (CLS) **Column-Level Security (CLS)** is the optimal solution for securing sensitive customer contact information in Azure SQL Data Warehouse (now Azure Synapse Analytics). Here's why: #### Why Column-Level Security is the Best Choice: 1. **Granular Access Control**: CLS allows you to restrict access to specific columns (like phone numbers, email addresses) while allowing users to access other columns in the same table. This perfectly aligns with the requirement to limit access to customer contact information while maintaining access to other relevant data. 2. **Simplified Implementation**: CLS eliminates the need for complex workarounds such as: - Creating multiple views with different column sets - Implementing application-level access control logic - Redesigning the data warehouse schema 3. **Native SQL Integration**: CLS is implemented using standard T-SQL GRANT statements, making it familiar to database administrators and easy to maintain. 4. **Performance Efficiency**: Since the security is enforced at the database level, there's no performance overhead from application-level filtering or multiple view layers. #### Analysis of Other Options: **A. Transparent Data Encryption (TDE)**: - Provides encryption at rest for the entire database - Does not control column-level access - users with database access can still see all columns - Protects data from physical theft but not from authorized users who shouldn't see specific columns **B. Row-Level Security (RLS)**: - Controls access to rows based on user identity or role - Does not address the requirement to hide specific columns from certain users - Would allow business analysts to see phone numbers if they have access to the rows **D. Data Sensitivity Labels**: - Primarily used for classification and auditing purposes - Helps identify sensitive data but does not prevent access - Useful for compliance reporting but not for access restriction - Does not actually secure or block access to the data #### Implementation Benefits: With column-level security, you can: - Grant SELECT permissions on non-sensitive columns to business analysts - Restrict access to sensitive contact columns (phone numbers, email addresses) - Maintain a single table structure without duplicating data - Easily modify access policies as business requirements change This approach ensures that business analysts can perform their analytical work while being prevented from accessing sensitive customer contact information that's not relevant to their analysis.

Author: LeetQuiz Editorial Team