Testing the Security Filter Policies Within Studio
TDV provides the ability to test the row filter policy within Studio, but recommends that you perform thorough testing of your row filter policies by setting up a working test environment that includes all the data sources and client applications that would be interacting with the data for which you have defined row-based security.
Within Studio, the Test Identity tab lets you execute a view and simulate the results according to row filter policies that you have defined. You can test the row filter policy and the resulting data set by executing the view as different users and groups. After using Studio to test your row filter policies, you are also advised to run tests of your TDV systems before going to production with row-based security.
The test on this tab changes how row filter policies, based on identity, alter SQL statements. For security reasons, the Test Identity tab cannot change data source connections, so the candidate rows that might be filtered are the same candidate rows that the administrator would see. Use of this tab does not alter any pass-through credentials.
To test your row filter policy within Studio
1. Make sure that you are signed in as an Administrative user with the Modify All Resources right.
2. Identify any existing table or view resources for which you want to test row-based security.
3. Create a view of those table or view resources so that you can apply filters to them.
For example, to filter the data in the EMP view, create an EMP_VIEW_FILTER view with the definition of SELECT * FROM EMP. Define row-based security on the EMP_VIEW_FILTER view.
4. Select and open the view of the resource for which you want to test row filter policies.
5. Select the Test Identity tab.
6. Select one of the following.
Option | Description |
Current Identity | Run the view and retrieve a result set filtered according to the row filter policy, as the user currently signed in to Studio. |
Simulated Identity | Run the view and retrieve a result set filtered according to the row filter policy, as the specified user or group. Type the User@Domain or Group@Domain values. For example, admin@composite or QA@finance. |
7. Click Execute.
8. Review the data returned in the Result portion of the screen and determine if the row filter policy is displaying the rows as you expected for your row filter policy definition.