How To Use Encrypted View In SQL Server

Posted December 31, 2018 by Vishwanath Dalvi in Database, SQL Server

EXCEPT and INTERSECT – SET Operator In SQL Server

A VIEW is a virtual table defined by a query. VIEWs are essentially similar to other database objects whose structure along with query is stored in the database. VIEWs can have complex queries with multiple joins, nested views or ad-hoc queries. Most importantly, a VIEW is benefited because we can expose a limited number of fields to users. Allowing users to see fields defined in a VIEW instead of presenting them with actual tables stored in a database.

Assume few business users are using a VIEW to generate a financial report, but we don’t want them to be in a position of seeing or altering the created VIEW to generate the report. Users can use inbuilt metadata tables like sys.syscomments or sp_helptext to obtain the query behind a VIEW.

Adding a security layer, we can restrict users and other developers by creating ENCRYPTED VIEWs in SQL Server. To create an encrypted view in SQL Server by adding WITH ENCRYPTION option either while creating or altering the view.

How To Create Encrypted View In SQL Server_Syntax

1.

Advantages of Encrypted VIEWs

1.1 – Hides VIEW structure and content.
1.2 – The source code is unavailable for an encrypted view.

More vital to understand, once a VIEW is encrypted, no one (including the view owner) will be able to read the view’s structure or source code. Therefore, make sure to have view source code copied or stored in a repository before adding WITH ENCRYPTION option. This will help you to modify view structure in future if needed.

2.

How To Obtain VIEW Information

2.1 – Object explorer In SSMS
2.2 – sp_helptext – stored procedure
2.3 – sys.views and sys.syscomments – catalog views

Let’s create a table employee & a view v_employeeinfo. Here we will see, how to obtain view structure and its source code through a system created catalogue view and stored procedure.

USE tempdb;

IF OBJECT_ID(N'Employee', N'U') IS NOT NULL
DROP TABLE Employee;
GO

--Create Employee table
CREATE TABLE Employee
(
  ID    INT
 ,Name  VARCHAR(100)
);

INSERT dbo.Employee VALUES 
 (1, 'Atul')
,(2, 'Vishal')
,(3, 'Sangram');

IF OBJECT_ID(N'V_EmployeeInfo', N'V') IS NOT NULL
DROP VIEW V_EmployeeInfo;
GO

--Create a view
CREATE VIEW V_EmployeeInfo
AS 
SELECT ID, Name
FROM   Employee;
GO

--Query view
SELECT * 
FROM   V_EmployeeInfo;


Result Set

How To Create Encrypted View In SQL Server

We will query the sys.syscomments catalogue view and execute the sp_helptext stored procedure to obtain v_employeeinfo view’s content. Revealing view’s source code and defined query.

sys.syscomments – Catalog View

Querying sys.syscomments view shows us the source code for the v_employeeinfo view.

USE tempdb;
GO

--Find view Source Code
SELECT TEXT 
FROM   sys.syscomments 
Where  ID = OBJECT_ID('V_EmployeeInfo','V');

Result Set

How To Create Encrypted View In SQL Server

sp_helptext – stored procedure

Executing sp_helptext against view name shows the same source code for the v_employeeinfo view.

USE tempdb;
GO

--Find view Source Code using sp_helptext
sp_helptext 'V_EmployeeInfo'


Result set

How To Create Encrypted View In SQL Server

3

Encrypting VIEWs

We want to alter the existing view so that the source code is encrypted and not readable. Let’s change the CREATE VIEW to ALTER VIEW and add WITH ENCRYPTION option before AS keyword.

USE tempdb;
GO
--Alter view add WITH ENCRYPTION Option
ALTER VIEW V_EmployeeInfo
WITH ENCRYPTION 
AS 
SELECT ID, Name
FROM   Employee;
GO

Always a best practice to query the view once we create or alter view with WITH ENCRYPTION option. This will confirm that it gives the expected results. Following query confirms that v_employeeinfo view is producing the similar results post-encryption.

Let’s query the sys.syscomments catalogue view and sp_helptext procedure, and see these system tables doesn’t reveal the view source code after adding encryption option.

3.1

sys.syscomments – Catalog View

Attempt to run sys.syscomments catalogue view returns NULL instead of view’s source code as an encryption option added to the view.

How To Create Encrypted View In SQL Server

3.2

sp_helptext – Stored Procedure

The sp_helptext stored procedure returns an error message stating The text for object ‘V_EmployeeInfo’ is encrypted.

How To Create Encrypted View In SQL Server

All the options are unavailable in SQL Server to obtain view’s source once WITH ENCRYPTION is added.

4.

Remove WITH ENCRYPTION Option

In the following query, we will alter the v_employeeinfo view and remove the WITH ENCRYPTION option clause to display the source code for the v_employeeinfo view as it was defined early.

USE tempdb;
GO
--Alter view to remove WITH ENCRYPTION Option
ALTER VIEW V_EmployeeInfo
AS 
SELECT ID, Name
FROM   Employee;
GO


How To Create Encrypted View In SQL Server

Summary

In this tech-recipes post we’ve learned to encrypt a view in SQL Server so that its source code is not visible to anyone. If you like this post you may browse through Tech-Recipes Database Archive posts to learn more useful stuff.

 

About Vishwanath Dalvi

Vishwanath Dalvi is a gifted engineer and tech enthusiast. He enjoys music, magic, movies, and gaming. When not hacking around or supporting the open source community, he is trying to overcome his phobia of dogs.
View more articles by Vishwanath Dalvi

The Conversation

Follow the reactions below and share your own thoughts.

Leave a Reply