
### More examples - 1 - ###

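-- NOTE(review): ACCOUNTADMIN is used here for demo convenience. In a real
-- account, prefer a dedicated policy-admin role that holds only the
-- masking-policy privileges, so that policy ownership is separated from
-- day-to-day administration.
USE ROLE ACCOUNTADMIN;

-- Masking policy for e-mail columns.
--   ANALYST_FULL   -> sees the original value
--   ANALYST_MASKED -> sees '*****@<domain>' (local part hidden)
--   any other role -> sees a fixed '********'
-- CURRENT_ROLE() matches only the primary role active in the session; a role
-- that merely inherits ANALYST_FULL is treated as "any other role". If role
-- inheritance should count, IS_ROLE_IN_SESSION is the function to evaluate.
CREATE OR REPLACE MASKING POLICY emails AS (val VARCHAR) RETURNS VARCHAR ->
    CASE
        WHEN CURRENT_ROLE() IN ('ANALYST_FULL') THEN val
        -- Partial masking applies only when the value contains an '@'.
        -- REGEXP_REPLACE returns its input unchanged when the pattern does
        -- not match, so without this guard a malformed address would be
        -- shown in full to ANALYST_MASKED. Such values (and NULLs) now fall
        -- through to the fully masked branch.
        WHEN CURRENT_ROLE() IN ('ANALYST_MASKED') AND val LIKE '%@%'
            THEN REGEXP_REPLACE(val, '.+\@', '*****@') -- leave email domain unmasked
        ELSE '********'
    END;

-- Apply the policy to the email column
ALTER TABLE IF EXISTS CUSTOMERS MODIFY COLUMN email
    SET MASKING POLICY emails;

-- Validate the policy: run the same query under each role and compare the
-- email column in the results.
USE ROLE ANALYST_FULL;
SELECT * FROM CUSTOMERS;

USE ROLE ANALYST_MASKED;
SELECT * FROM CUSTOMERS;

-- Switch back to the administrative role for the next example
USE ROLE ACCOUNTADMIN;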

### More examples - 2 - ###

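-- Masking policy that replaces the value with its SHA-2 digest for every
-- role except ANALYST_FULL.
-- NOTE(review): the digest is deterministic and unsalted. Equal inputs give
-- equal outputs, so masked values can still be joined and grouped, but
-- low-entropy values such as names can be recovered by hashing candidate
-- values and comparing. Treat the output as pseudonymised data, not as
-- anonymised data.
CREATE OR REPLACE MASKING POLICY sha2 AS (val VARCHAR) RETURNS VARCHAR ->
    CASE
        WHEN CURRENT_ROLE() IN ('ANALYST_FULL') THEN val
        ELSE SHA2(val) -- return hash of the column value
    END;

-- Apply the policy to the full_name column
ALTER TABLE IF EXISTS CUSTOMERS MODIFY COLUMN full_name
    SET MASKING POLICY sha2;

-- Validate the policy while it is still attached to the column.
-- (The original listing unset the policy before these queries ran, so both
-- roles would have seen unmasked names.)
USE ROLE ANALYST_FULL;
SELECT * FROM CUSTOMERS;

USE ROLE ANALYST_MASKED;
SELECT * FROM CUSTOMERS;

USE ROLE ACCOUNTADMIN;

-- Clean-up: detach the policy from the column. After this statement
-- full_name is visible in clear text to every role that can query the table.
ALTER TABLE IF EXISTS CUSTOMERS MODIFY COLUMN full_name
    UNSET MASKING POLICY;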


### More examples - 3 - ###

-- Masking policy for DATE columns: ANALYST_FULL sees the stored date, every
-- other role sees the fixed sentinel date 0001-01-01.
CREATE OR REPLACE MASKING POLICY dates AS (val DATE) RETURNS DATE ->
    CASE
        WHEN CURRENT_ROLE() = 'ANALYST_FULL' THEN val
        ELSE DATE_FROM_PARTS(0001, 01, 01)::DATE -- sentinel date 0001-01-01
    END;

-- Attach the policy to the create_date column
ALTER TABLE IF EXISTS CUSTOMERS
    MODIFY COLUMN create_date
    SET MASKING POLICY dates;

-- Validate the policy: the same query is run under each role; only
-- ANALYST_FULL should see real values in create_date.
USE ROLE ANALYST_FULL;
SELECT * FROM CUSTOMERS;

USE ROLE ANALYST_MASKED;
SELECT * FROM CUSTOMERS;
