3

I am trying to apply data masking policy on shared database where we have access to only views.However I provided grant to databases also.I am not able to apply this masking policy

here is my code

create or replace masking policy Policy_name as (val string) returns string ->
case
when current_role() in ('SECURITYADMIN') then val
else '*********'
end;

alter table if exists TABLE_NAME modify column PHN_NUMBER set MASKING POLICY Policy_name PHN_NUMBER;

error:

SQL execution error: Creating masking_policy on shared database 'DATABASE_NAME' is not allowed.
Improve this question

1 Answer 1

Reset to default
1

the limitation of DATA MASKING section says you cannot do this.

A data sharing consumer cannot apply a masking policy to a shared database or table. As a workaround, import the shared database or table and apply the masking policy to a local view on that shared table column.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thank you simeon for your information.Can we define roles that have access to shared views that may contain PII and manage that at the user access level. Can we limit user level access to those tables or views from a share?Are we able to define any roles and limit the user level access in shared database
I cannot answer in absolutes, I just read this section of the manual the other night so knew you cannot MASK on the imported tables directly, but it seems as stated above, that you can add a view to the table and mask on that, and thus move grant permission to the table but to the view thus control access that way.
Thank you simeon. As it is a shared database we dont have any access for tables as we have only access to views. And we want some way here in this database to mask this PII data or any RBAC needs to be done.Do you have any suggestions

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.