A developer is granted ownership of a table that has a masking policy. The developer’s role is not able to see the masked data.
Will the developer be able to modify the table to read the masked data?
Object ownership of a table does not include the ability to change masking policies. Masking policies are designed to enforce data security by restricting access to masked data, even for users who have ownership of the table. The masking policies must reference specific access roles, and an object's owner does not have the inherent privilege to unset or alter these policies, ensuring that sensitive data remains protected.
Object owners (i.e. the role that has the OWNERSHIP privilege on the object) do not have the privilege to unset masking policies. Object owners cannot view column data in which a masking policy applies. https://docs.snowflake.com/en/user-guide/security-column-intro.html#what-are-masking-policies
https://docs.snowflake.com/en/user-guide/security-column-intro.html#what-are-masking-policies:~:text=Object%20owners%20(i.e.%20the%20role%20that%20has%20the%20OWNERSHIP%20privilege%20on%20the%20object)%20do%20not%20have%20the%20privilege%20to%20unset%20masking%20policies
D is correct
OWNERSHIP Grants full control over the masking policy. Required to alter most properties of a masking policy. Only a single role can hold this privilege on a specific object at a time.
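The scenario in the question, as an added Snowflake SQL example that is not part of the original page or its comments. The database, schema, table, policy and role names (`demo_db.hr`, `employees`, `ssn_mask`, `POLICY_ADMIN`, `PII_READER`, `DEV_OWNER`) are constructed, and the example assumes the schema and roles already exist and that `POLICY_ADMIN` can create and apply masking policies there.

```sql
-- Constructed setup: a policy administrator creates the table and the policy.
USE ROLE POLICY_ADMIN;              -- hypothetical role, not from the page

CREATE OR REPLACE TABLE demo_db.hr.employees (
    id   NUMBER,
    name STRING,
    ssn  STRING
);

-- Only PII_READER sees the real value; every other role gets the mask.
CREATE OR REPLACE MASKING POLICY demo_db.hr.ssn_mask
  AS (val STRING) RETURNS STRING ->
    CASE
      WHEN CURRENT_ROLE() IN ('PII_READER') THEN val
      ELSE '***MASKED***'
    END;

ALTER TABLE demo_db.hr.employees
  MODIFY COLUMN ssn SET MASKING POLICY demo_db.hr.ssn_mask;

-- Hand the table (not the policy) to the developer role.
GRANT OWNERSHIP ON TABLE demo_db.hr.employees
  TO ROLE DEV_OWNER COPY CURRENT GRANTS;

-- The developer now owns the table but holds no privilege on the policy.
USE ROLE DEV_OWNER;

-- DEV_OWNER is not named in the policy, so the column comes back masked.
SELECT id, name, ssn FROM demo_db.hr.employees;

-- Per the documentation quoted above, table OWNERSHIP does not carry the
-- privilege to unset a masking policy, so this statement is rejected.
ALTER TABLE demo_db.hr.employees
  MODIFY COLUMN ssn UNSET MASKING POLICY;

-- Review checks, run as the policy administrator:
USE ROLE POLICY_ADMIN;

-- 1. Which columns is the policy still attached to?
SELECT *
FROM TABLE(demo_db.INFORMATION_SCHEMA.POLICY_REFERENCES(
       POLICY_NAME => 'demo_db.hr.ssn_mask'));

-- 2. Confirm DEV_OWNER was never granted APPLY MASKING POLICY on the
--    account, or APPLY / OWNERSHIP on the policy itself.
SHOW GRANTS TO ROLE DEV_OWNER;
```

The second review check is the one that matters in practice: the separation holds only while the table-owning role has no APPLY or OWNERSHIP grant that reaches the policy.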