A powerful use of symbolic
substitution is deploying row level security on sensitive tables that
use views. Suppose there is a sensitive table that only certain users
or groups can access. The administrator can use symbolic substitution
to create a single view to the table that provides restricted access
based on user ID or groups. The administrator could give universal
access to the view, but only users or groups that meet the symbolic
substitution constraints will see the rows.
For another example,
imagine a table that contains sensitive information has one column
that contains group names or user IDs. The administrator can use symbolic
substitution to create a single view that allows users to access only
the rows that contain his user ID or group. The administrator could
give universal access to the view, but each user or group would be
allowed to only see their user or group rows.
Note: SPD Server SQL symbolic substitution
uses an 8-byte literal string (blank padded if necessary) to replace
SPD Server user and SPD Server group names. Symbolic substitution
will not match a column that is less than 8 characters long. If the
table column that contains user IDs or group names is not at least
8 characters wide, symbolic substitution will not function.