PrivaceraCloud Documentation

Access use-case - How do I restrict a user from seeing contents of a column in the result of a SQL select query?


There are many use cases where you want to allow a user to run a query against a table but restrict access to certain columns. To demonstrate this use case, open the Sales Data Specific Columns access policy in the PrivaceraCloud web portal. You can see that the catalog points to your catalog, the schema is sales_schema and the table is sales_data. The column entry lists the columns to which access is allowed. We have excluded the name column from this list because we don't want the user to see the contents of the name column of the sales_data table.

Scroll down and add your email address to the User field in the Allow Conditions. Then scroll up and enable the policy by clicking the Disabled toggle switch beside the name of the policy. Scroll down and save the policy.

Also, disable the Sales Data All Access policy, because only the Sales Data Specific Columns policy should be enabled for your email address.

Switch to your Databricks Workspace's SQL Editor and re-run the select query on the secure schema:

select * from <catalog>.sales_schema_secure.sales_table

The result will contain these columns: id, country, region, city, name, sales_amount. The name column will show that it has been redacted, as the policy does not give you access to this column.