Merge pull request #28659 from WilliamDAssafMSFT/20231004-cls-rls

20231004 fabric CLS RLS

Author: AnnaMHuff

docs/includes/applies-to-version/sql-asdbmi-asa-svrless-poolonly-fabricse-fabricdw.md

@@ -0,0 +1,10 @@
+---
+author: WilliamDAssafMSFT
+ms.author: wiassaf
+ms.date: 10/04/2023
+ms.service: sql
+ms.topic: include
+---
+
+[!INCLUDE [Applies to](../../includes/applies-md.md)] [!INCLUDE [SQL Server](_ssnoversion.md)] [!INCLUDE [ASDBMI](_asmi.md)] [!INCLUDE [Azure Synapse Analytics (serverless SQL pool only)](../../includes/applies-to-version/_asa-svrless-sqlpool-only.md)] [!INCLUDE [Fabric SQL Endpoint](../../includes/applies-to-version/_fabric-se.md)] [!INCLUDE [Fabric Data Warehouse](../../includes/applies-to-version/_fabric-dw.md)] 
+

docs/includes/applies-to-version/sqlserver2016-asdb-asdbmi-fabricse-fabricdw.md

@@ -0,0 +1,9 @@
+---
+author: WilliamDAssafMSFT
+ms.author: wiassaf
+ms.date: 10/04/2023
+ms.service: sql
+ms.topic: include
+---
+
+[!INCLUDE [Applies to](../../includes/applies-md.md)] [!INCLUDE [SQL Server 2016](_ss2016.md)] and later versions [!INCLUDE [Azure SQL Database](_asdb.md)] [!INCLUDE [Azure SQL Managed Instance](_asmi.md)] [!INCLUDE [Fabric SQL Endpoint](../../includes/applies-to-version/_fabric-se.md)] [!INCLUDE [Fabric Data Warehouse](../../includes/applies-to-version/_fabric-dw.md)]

docs/relational-databases/security/row-level-security.md

@@ -1,6 +1,6 @@
 ---
-title: "Row-Level security"
-description: Learn how Row-Level security uses group membership or execution context to control access to rows in a database table in SQL Server.
+title: "Row-level security"
+description: Learn how row-level security uses group membership or execution context to control access to rows in a database table in SQL Server.
 author: VanMSFT
 ms.author: vanto
 ms.reviewer: wiassaf
@@ -16,22 +16,25 @@ helpviewer_keywords:
   - "predicate based security"
 monikerRange: "=azuresqldb-current||=azure-sqldw-latest||>=sql-server-2016||>=sql-server-linux-2017||=azuresqldb-mi-current||=fabric"
 ---
-# Row-Level security
+# Row-level security
 
 [!INCLUDE [sql-asdb-asdbmi-asa-fabricse-fabricdw](../../includes/applies-to-version/sql-asdb-asdbmi-asa-fabricse-fabricdw.md)]
 
   :::image type="content" source="media/row-level-security/row-level-security-graphic.png" alt-text="Decorative graphic of row level security.":::
 
-Row-Level security enables you to use group membership or execution context to control access to rows in a database table.
+Row-level security (RLS) enables you to use group membership or execution context to control access to rows in a database table.
 
-Row-Level security (RLS) simplifies the design and coding of security in your application. RLS helps you implement restrictions on data row access. For example, you can ensure that workers access only those data rows that are pertinent to their department. Another example is to restrict customers' data access to only the data relevant to their company.
+Row-level security simplifies the design and coding of security in your application. RLS helps you implement restrictions on data row access. For example, you can ensure that workers access only those data rows that are pertinent to their department. Another example is to restrict customers' data access to only the data relevant to their company.
 
 The access restriction logic is located in the database tier rather than away from the data in another application tier. The database system applies the access restrictions every time that data access is attempted from any tier. This makes your security system more reliable and robust by reducing the surface area of your security system.
 
 Implement RLS by using the [CREATE SECURITY POLICY](../../t-sql/statements/create-security-policy-transact-sql.md) [!INCLUDE [tsql](../../includes/tsql-md.md)] statement, and predicates created as [inline table-valued functions](../../relational-databases/user-defined-functions/create-user-defined-functions-database-engine.md).
 
 Row-level security was first introduced to [!INCLUDE [sssql16-md](../../includes/sssql16-md.md)].
 
+> [!NOTE]
+> This article is focused on [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)] and Azure SQL platforms. For [!INCLUDE [fabric](../../includes/fabric.md)], see [Row-level security in Microsoft Fabric](/fabric/data-warehouse/row-level-security).
+
 ## <a id="Description"></a> Description
 
 Row-level security (RLS) supports two types of security predicates:
@@ -685,7 +688,7 @@ DROP SCHEMA Sample;
 
 We can demonstrate row-level security [!INCLUDE [fabricdw](../../includes/fabric-dw.md)] and [!INCLUDE [fabricse](../../includes/fabric-se.md)] in [!INCLUDE [fabric](../../includes/fabric.md)].
 
-The following example creates sample tables that will work with [!INCLUDE [fabricdw](../../includes/fabric-dw.md)] in [!INCLUDE [fabric](../../includes/fabric.md)], but in [!INCLUDE [fabricse](../../includes/fabric-se.md)] use existing tables. In the [!INCLUDE [fabricse](../../includes/fabric-se.md)], you cannot `CREATE TABLE`, you can `CREATE SCHEMA`, `CREATE FUNCTION`, and `CREATE SECURITY POLICY`.
+The following example creates sample tables that will work with [!INCLUDE [fabricdw](../../includes/fabric-dw.md)] in [!INCLUDE [fabric](../../includes/fabric.md)], but in [!INCLUDE [fabricse](../../includes/fabric-se.md)] use existing tables. In the [!INCLUDE [fabricse](../../includes/fabric-se.md)], you cannot use `CREATE TABLE`, but you can use `CREATE SCHEMA`, `CREATE FUNCTION`, and `CREATE SECURITY POLICY`.
 
 In this example, first create a schema `sales`, a table `sales.Orders`. 
 
@@ -723,7 +726,7 @@ Create a `Security` schema, a function `Security.tvf_securitypredicate`, and a s
 -- Creating schema for Security
 CREATE SCHEMA Security;
 GO
- 
+
 -- Creating a function for the SalesRep evaluation
 CREATE FUNCTION Security.tvf_securitypredicate(@SalesRep AS nvarchar(50))
     RETURNS TABLE
@@ -745,13 +748,13 @@ After applying the security policy and creating the function, the users `Sales1@
 
 ## Related content
 
-- [CREATE SECURITY POLICY (Transact-SQL)](../../t-sql/statements/create-security-policy-transact-sql.md)</br>
-- [ALTER SECURITY POLICY (Transact-SQL)](../../t-sql/statements/alter-security-policy-transact-sql.md)</br>
-- [DROP SECURITY POLICY (Transact-SQL)](../../t-sql/statements/drop-security-policy-transact-sql.md)</br>
-- [CREATE FUNCTION (Transact-SQL)](../../t-sql/statements/create-function-transact-sql.md)</br>
-- [SESSION_CONTEXT (Transact-SQL)](../../t-sql/functions/session-context-transact-sql.md)</br>
-- [sp_set_session_context (Transact-SQL)](../../relational-databases/system-stored-procedures/sp-set-session-context-transact-sql.md)</br>
-- [sys.security_policies (Transact-SQL)](../../relational-databases/system-catalog-views/sys-security-policies-transact-sql.md)</br>
-- [sys.security_predicates (Transact-SQL)](../../relational-databases/system-catalog-views/sys-security-predicates-transact-sql.md)</br>
+- [CREATE SECURITY POLICY (Transact-SQL)](../../t-sql/statements/create-security-policy-transact-sql.md)
+- [ALTER SECURITY POLICY (Transact-SQL)](../../t-sql/statements/alter-security-policy-transact-sql.md)
+- [DROP SECURITY POLICY (Transact-SQL)](../../t-sql/statements/drop-security-policy-transact-sql.md)
+- [CREATE FUNCTION (Transact-SQL)](../../t-sql/statements/create-function-transact-sql.md)
+- [SESSION_CONTEXT (Transact-SQL)](../../t-sql/functions/session-context-transact-sql.md)
+- [sp_set_session_context (Transact-SQL)](../../relational-databases/system-stored-procedures/sp-set-session-context-transact-sql.md)
+- [sys.security_policies (Transact-SQL)](../../relational-databases/system-catalog-views/sys-security-policies-transact-sql.md)
+- [sys.security_predicates (Transact-SQL)](../../relational-databases/system-catalog-views/sys-security-predicates-transact-sql.md)
 - [Create User-defined Functions (Database Engine)](../../relational-databases/user-defined-functions/create-user-defined-functions-database-engine.md)
 - [GRANT Object Permissions (Transact-SQL)](../../t-sql/statements/grant-object-permissions-transact-sql.md)

docs/relational-databases/views/views.md

@@ -3,35 +3,42 @@ title: "Views"
 description: "Views"
 author: WilliamDAssafMSFT
 ms.author: wiassaf
-ms.date: "03/14/2017"
+ms.date: 10/04/2023
 ms.service: sql
 ms.subservice: table-view-index
 ms.topic: conceptual
 helpviewer_keywords:
   - "views [SQL Server], about views"
-monikerRange: ">=aps-pdw-2016||=azuresqldb-current||=azure-sqldw-latest||>=sql-server-2016||>=sql-server-linux-2017||=azuresqldb-mi-current"
+monikerRange: ">=aps-pdw-2016||=azuresqldb-current||=azure-sqldw-latest||>=sql-server-2016||>=sql-server-linux-2017||=azuresqldb-mi-current||=fabric"
 ---
 # Views
-[!INCLUDE [sql-asdb-asdbmi-asa-pdw](../../includes/applies-to-version/sql-asdb-asdbmi-asa-pdw.md)]
+
+[!INCLUDE [sql-asdb-asdbmi-asa-pdw-fabricse-fabricdw](../../includes/applies-to-version/sql-asdb-asdbmi-asa-pdw-fabricse-fabricdw.md)]
+
   A view is a virtual table whose contents are defined by a query. Like a table, a view consists of a set of named columns and rows of data. Unless indexed, a view does not exist as a stored set of data values in a database. The rows and columns of data come from tables referenced in the query defining the view and are produced dynamically when the view is referenced.  
 
  A view acts as a filter on the underlying tables referenced in the view. The query that defines the view can be from one or more tables or from other views in the current or other databases. Distributed queries can also be used to define views that use data from multiple heterogeneous sources. This is useful, for example, if you want to combine similarly structured data from different servers, each of which stores data for a different region of your organization.  
 
- Views are generally used to focus, simplify, and customize the perception each user has of the database. Views can be used as security mechanisms by letting users access data through the view, without granting the users permissions to directly access the underlying base tables of the view. Views can be used to provide a backward compatible interface to emulate a table that used to exist but whose schema has changed. Views can also be used when you copy data to and from [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)] to improve performance and to partition data.  
+ Views are generally used to focus, simplify, and customize the perception each user has of the database. Views can be used as security mechanisms by letting users access data through the view, without granting the users permissions to directly access the underlying base tables of the view. Views can be used to provide a backward compatible interface to emulate a table that used to exist but whose schema has changed. Views can also be used when you copy data to and from [!INCLUDE [ssNoVersion](../../includes/ssnoversion-md.md)] to improve performance and to partition data.  
 
-## Types of Views  
- Besides the standard role of basic user-defined views, [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)] provides the following types of views that serve special purposes in a database.  
+## Types of views
+
+Besides the standard role of basic user-defined views, [!INCLUDE [ssNoVersion](../../includes/ssnoversion-md.md)] provides the following types of views that serve special purposes in a database.  
 
- Indexed Views  
+### Indexed views  
+
  An indexed view is a view that has been materialized. This means the view definition has been computed and the resulting data stored just like a table. You index a view by creating a unique clustered index on it. Indexed views can dramatically improve the performance of some types of queries. Indexed views work best for queries that aggregate many rows. They are not well-suited for underlying data sets that are frequently updated.  
 
- Partitioned Views  
- A partitioned view joins horizontally partitioned data from a set of member tables across one or more servers. This makes the data appear as if from one table. A view that joins member tables on the same instance of [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)] is a local partitioned view.  
+### Partitioned views  
+
+A partitioned view joins horizontally partitioned data from a set of member tables across one or more servers. This makes the data appear as if from one table. A view that joins member tables on the same instance of [!INCLUDE [ssNoVersion](../../includes/ssnoversion-md.md)] is a local partitioned view.  
 
- System Views  
- System views expose catalog metadata. You can use system views to return information about the instance of [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)] or the objects defined in the instance. For example, you can query the sys.databases catalog view to return information about the user-defined databases available in the instance. For more information, see [System Views (Transact-SQL)](../../t-sql/language-reference.md)  
+### System views  
+
+System views expose catalog metadata. You can use system views to return information about the instance of [!INCLUDE [ssNoVersion](../../includes/ssnoversion-md.md)] or the objects defined in the instance. For example, you can query the `sys.databases` catalog view to return information about the user-defined databases available in the instance. For more information, see [System Views (Transact-SQL)](../../t-sql/language-reference.md).
 
-## Common View Tasks  
+## Common view tasks
+
  The following table provides links to common tasks associated with creating or modifying a view.  
 
 |View Tasks|Topic|  
@@ -44,7 +51,9 @@ monikerRange: ">=aps-pdw-2016||=azuresqldb-current||=azure-sqldw-latest||>=sql-s
 |Describes how to return information about a view such as the view definition.|[Get Information About a View](../../relational-databases/views/get-information-about-a-view.md)|  
 |Describes how to rename a view.|[Rename Views](../../relational-databases/views/rename-views.md)|  
 
-## See Also  
- [Create Views over XML Columns](../../relational-databases/xml/create-views-over-xml-columns.md)   
- [CREATE VIEW (Transact-SQL)](../../t-sql/statements/create-view-transact-sql.md)  
-  
+## Related content
+
+- [Create Views over XML Columns](../../relational-databases/xml/create-views-over-xml-columns.md)
+- [CREATE VIEW (Transact-SQL)](../../t-sql/statements/create-view-transact-sql.md)
+- [GRANT Object Permissions (Transact-SQL)](../../t-sql/statements/grant-object-permissions-transact-sql.md)
+- [Row-level security](../security/row-level-security.md)

docs/t-sql/functions/suser-name-transact-sql.md

@@ -4,7 +4,7 @@ description: "SUSER_NAME returns the login identification name of the user."
 author: VanMSFT
 ms.author: vanto
 ms.reviewer: randolphwest
-ms.date: 12/21/2022
+ms.date: 10/04/2023
 ms.service: sql
 ms.subservice: t-sql
 ms.topic: reference
@@ -21,11 +21,11 @@ helpviewer_keywords:
   - "names [SQL Server], logins"
 dev_langs:
   - "TSQL"
-monikerRange: "= azure-sqldw-latest || >= sql-server-2016 || >= sql-server-linux-2017 || = azuresqldb-mi-current"
+monikerRange: "= azure-sqldw-latest || >= sql-server-2016 || >= sql-server-linux-2017 || = azuresqldb-mi-current || =fabric"
 ---
 # SUSER_NAME (Transact-SQL)
 
-[!INCLUDE [SQL Server Azure SQL Managed Instance](../../includes/applies-to-version/sql-asdbmi-asa-svrless-poolonly.md)]
+[!INCLUDE [SQL Server Azure SQL Managed Instance fabricse fabricdw](../../includes/applies-to-version/sql-asdbmi-asa-svrless-poolonly-fabricse-fabricdw.md)]
 
 Returns the login identification name of the user.
 
@@ -43,15 +43,15 @@ SUSER_NAME ( [ server_user_id ] )
 
 #### *server_user_id*
 
-The login identification number of the user. *server_user_id*, which is optional, is **int**. *server_user_id* can be the login identification number of any [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)] login or Windows user or group that has permission to connect to an instance of [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)]. When *server_user_id* isn't specified, the login identification name for the current user is returned. If the parameter contains the word NULL, it will return NULL.
+The login identification number of the user. *server_user_id*, which is optional, is **int**. *server_user_id* can be the login identification number of any [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)] login or Windows user or group that has permission to connect to an instance of [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)]. When *server_user_id* isn't specified, the login identification name for the current user is returned. If the parameter contains the word `NULL`, it returns `NULL`.
 
 ## Return type
 
 **nvarchar(128)**
 
 ## Remarks
 
-`SUSER_NAME` returns a login name only for a login that has an entry in the `syslogins` system table.
+`SUSER_NAME` returns a login name only for a login that has an entry in the `sys.server_principals` or `sys.sql_logins` catalog views.
 
 `SUSER_NAME` can be used in a select list, in a WHERE clause, and anywhere an expression is allowed. Use parentheses after `SUSER_NAME`, even if no parameter is specified.
 
@@ -60,13 +60,40 @@ The login identification number of the user. *server_user_id*, which is optional
 
 ## Examples
 
+### A. Use SUSER_NAME
+
 The following example returns the login identification name of the user with a login identification number of `1`.
 
 ```sql
 SELECT SUSER_NAME(1);
 ```
 
-## See also
+### B. Use SUSER_NAME without an ID
+
+The following example finds the name of the current user without specifying an ID.
+  
+```sql  
+SELECT SUSER_NAME();  
+GO  
+```  
+  
+In SQL Server, here is the result set for a Microsoft Entra ID authenticated login:
+  
+```output
+contoso\username  
+```
+
+In Azure SQL Database and Microsoft Fabric, here is the result set for a Microsoft Entra ID authenticated login:
+
+```output
+username@contoso.com
+```
+
+## Related content
 
+- [USER_NAME (Transact-SQL)](user-name-transact-sql.md)
+- [SUSER_SNAME (Transact-SQL)](suser-sname-transact-sql.md)
 - [SUSER_ID (Transact-SQL)](../../t-sql/functions/suser-id-transact-sql.md)
 - [Principals (Database Engine)](../../relational-databases/security/authentication-access/principals-database-engine.md)
+- [sys.server_principals (Transact-SQL)](../../relational-databases/system-catalog-views/sys-server-principals-transact-sql.md)
+- [sys.sql_logins (Transact-SQL)](../../relational-databases/system-catalog-views/sys-sql-logins-transact-sql.md)