What does a masking policy consist of in Snowflake?
What does a masking policy consist of in Snowflake?
A masking policy in Snowflake consists of a single data type, one or more conditions, and one or more masking functions. This allows for flexible data masking rules that can be applied to various columns across databases and schemas, catering to different requirements using conditional expressions and various masking functions.
A "A masking policy consists of a single data type, one or more conditions, and one or more masking functions." https://docs.snowflake.com/en/user-guide/security-column-intro
A masking policy consists of a single data type, one or more conditions, and one or more masking functions. -You can apply the masking policy to one or more table/view columns with the matching data type. For example, you can define a policy for an email address once and apply it to 1000s of email columns across databases and schemas. -Masking policy conditions can be expressed using Conditional Expression Functions and Context Functions or by querying a custom entitlement table. You can use the context functions INVOKER_ROLE and INVOKER_SHARE for use with views and shares, respectively. -Masking functions can be any of the built-in functions (e.g. REGEXP_REPLACE, SHA2 , SHA2_HEX), User-Defined Functions Overview, or Writing External Functions (for de-tokenization using an external tokenization provider).
A masking policy consists of a single data type, one or more conditions, and one or more masking functions