A Snowflake Administrator needs to ensure that sensitive corporate data in Snowflake tables is not visible to end users, but is partially visible to functional managers.
How can this requirement be met?
A Snowflake Administrator needs to ensure that sensitive corporate data in Snowflake tables is not visible to end users, but is partially visible to functional managers.
How can this requirement be met?
To ensure that sensitive corporate data in Snowflake tables is not visible to end users but is partially visible to functional managers, dynamic data masking is the appropriate solution. Dynamic data masking allows specific portions of data fields to be obfuscated based on the role of the user accessing the data, thereby providing granular control over data visibility. This approach meets the requirement of keeping data hidden from some users while allowing partial visibility to others.
Masking policy administrators can implement a masking policy such that analysts (i.e. users with the custom ANALYST role) can only view the last four digits of a phone number and none of the social security number, while customer support representatives (i.e. users with the custom SUPPORT role) can view the entire phone number and social security number for customer verification use cases. https://docs.snowflake.com/en/user-guide/security-column-intro.html#what-are-masking-policies
Correct
Even though a secured materialised view can do the job at higher cost.
B. Use dynamic data masking.
Dynamic Data Masking