PrivaceraCloud Documentation

Column masking use-case - How do I restrict a user from seeing contents of a column by masking the values in the result of a SQL select query?


Some use cases call for restricting a user from seeing the actual contents of a column while still letting them see partial contents or hashed values for reference. To demonstrate this masking policy use case, click the Masking tab and open the Anonymize city policy. In the masking policy, you will see that the catalog, schema, table and column point to your catalog, sales_schema, the sales_data table and the city column. The purpose of this policy is to display the MD5 hash of the city column in the select query results.

Scroll down to the Masking Conditions and verify that your email address is in Select User and that Select Masking Option is set to MD5. Scroll up and enable the policy by selecting the Disabled toggle beside the policy name. Scroll down and save the policy.

The masking policy runs in addition to the access policy, so for this use case to work, you should disable the Sales Data Specific Column policy and enable the Sales Data All Access policy.

Switch to your Databricks Workspace's SQL Editor and re-run the select query on the secure schema:

select * from <catalog>.sales_schema_secure.sales_table

The result will contain these columns of the table: id, country, region, city, name, sales_amount. You will notice that the city column now shows the MD5 hash of the actual city value.
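
To confirm that the mask is applied to every row rather than checking the result by eye, a query like the following can be run in the same SQL Editor as the user named in the policy. It is an added example, not part of the Privacera documentation, and it assumes the MD5 mask returns the digest as 32 lowercase hex characters, the format produced by Databricks SQL's md5() function.

```sql
-- Added verification query (not from the Privacera documentation).
-- Run as the user listed under Select User in the Anonymize city policy.
-- Assumption: a masked value is the MD5 digest rendered as 32 lowercase
-- hex characters, as Databricks SQL's md5() produces.
select
  count(*)                                            as total_rows,
  -- rows whose city value has the shape of an MD5 digest
  count_if(city rlike '^[0-9a-f]{32}$')               as md5_shaped_rows,
  -- NULL cities are reported separately so they are not miscounted
  count_if(city is null)                              as null_rows,
  -- any non-NULL value that is not digest-shaped may be an unmasked city
  count_if(city is not null
           and not (city rlike '^[0-9a-f]{32}$'))     as possibly_unmasked_rows,
  count(distinct city)                                as distinct_masked_values
from <catalog>.sales_schema_secure.sales_table;
```

With the policy in effect, possibly_unmasked_rows should be 0 and md5_shaped_rows plus null_rows should equal total_rows. Because MD5 is deterministic, identical cities map to identical hashes, so distinct_masked_values equals the number of distinct cities in the table.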