Skip to main content

Privacera Documentation

Table of Contents

Databricks Unity Catalog row filtering and native masking on PrivaceraCloud

Be aware of some limitations in Databricks masking and row filtering. You might want to check if the feature provided by Databricks is mature enough for your needs. For example, you cannot do masking/row filtering on a view, and putting a masking/row filtering policy on a table causes issues for views that reference the table.

Because of these limitations, by default Privacera relies on secure views.


If you want to use policies for row filtering or native masking in Databricks Unity Catalog, decide or have ready the following field settings in PrivaceraCloud, which are detailed in Connect Databricks Unity Catalog to PrivaceraCloud.

  • Set field Databricks JDBC URL [ADVANCED] to the JDBC URL of an SQL warehouse. This setting is required. When PolicySync distributes a masking/row filter policy, it creates a schema in the catalog named privacera_security to store the functions needed for the policies.

  • Set field Enforce native column masking to true.

  • For column access, you can set the field How column level access should be handled to native_masking. By default, secure views are used.

    For example, suppose you have an access policy that gives the user access to only the NAME column of a table, but not any other columns. When the user runs SELECT * from <table>, the data of the NAME column is displayed but the data of all other columns is masked.

  • Decide if you want to use secure views for column masking and set the the field Enforce masking policies using secure views [ADVANCED] to true. For information about secure views see About secure database views.

How to disable secure views

To disable the use of secure view for Databricks Unity Catalog access management policies, set these fields in PrivaceraCloud to these values:



Enforce row filter policies using secure views


Enforce masking policies using secure views


How column level access should be handled


Create secure view for all tables/views


Enable dataadmin


Example of PrivaceraCloud row filtering policy

To write row filtering access management policies, be sure to set the PrivaceraCloud field Enforce native row filter policies to true.

For a step-by-step example of creating a row filter in an access management policy, see "Display only rows with a specific value to a user role" in Example: Create basic policies for table access. Although these examples deal with Databricks SQL, the steps are essentially the same for Databricks Unity Catalog.