3

I am trying to apply data masking policy on shared database where we have access to only views.However I provided grant to databases also.I am not able to apply this masking policy

here is my code

create or replace masking policy Policy_name as (val string) returns string ->
case
when current_role() in ('SECURITYADMIN') then val
else '*********'
end;

alter table if exists TABLE_NAME modify column PHN_NUMBER set MASKING POLICY Policy_name PHN_NUMBER;

error:

SQL execution error: Creating masking_policy on shared database 'DATABASE_NAME' is not allowed.
Simeon Pilgrim
  • 22,906
  • 3
  • 32
  • 45
Divya
  • 31
  • 3

1 Answers1

1

the limitation of DATA MASKING section says you cannot do this.

A data sharing consumer cannot apply a masking policy to a shared database or table. As a workaround, import the shared database or table and apply the masking policy to a local view on that shared table column.

Simeon Pilgrim
  • 22,906
  • 3
  • 32
  • 45
  • Thank you simeon for your information.Can we define roles that have access to shared views that may contain PII and manage that at the user access level. Can we limit user level access to those tables or views from a share?Are we able to define any roles and limit the user level access in shared database – Divya Nov 17 '21 at 20:56
  • I cannot answer in absolutes, I just read this section of the manual the other night so knew you cannot MASK on the imported tables directly, but it seems as stated above, that you can add a view to the table and mask on that, and thus move grant permission to the table but to the view thus control access that way. – Simeon Pilgrim Nov 17 '21 at 21:00
  • Thank you simeon. As it is a shared database we dont have any access for tables as we have only access to views. And we want some way here in this database to mask this PII data or any RBAC needs to be done.Do you have any suggestions – Divya Nov 17 '21 at 21:26