...
Tags and policies have been added for Confidential and Restricted in the dev environment for testing
...
Confidential policy VQL
| Code Block |
|---|
CREATE OR REPLACE GLOBAL_SECURITY_POLICY mask_confidential_columns
DESCRIPTION = 'Masks all columns with the confidential tag for non-admins without the confidential role'
ENABLED = TRUE
AUDIENCE (
NOT_IN ROLES (confidential, "grp_ds_denodo-admin")
)
ELEMENTS (
ALL VIEWS
)
RESTRICTION (
FILTER = ''
MASKING ANY (confidential) WITH (HIDE) (numbers WITH DEFAULT, datetimes WITH DEFAULT, texts WITH DEFAULT)
); |
...
Restricted policy VQL
| Code Block |
|---|
CREATE OR REPLACE GLOBAL_SECURITY_POLICY mask_restricted_columns
DESCRIPTION = 'Masks all columns that have the restricted tag for non-admins without the restricted role.'
ENABLED = TRUE
AUDIENCE (
NOT_IN ROLES ("grp_ds_denodo-admin", restricted)
)
ELEMENTS (
ALL VIEWS
)
RESTRICTION (
FILTER = ''
MASKING ANY (restricted) WITH (HIDE) (numbers WITH DEFAULT, datetimes WITH DEFAULT, texts WITH DEFAULT)
); |
Demo
A test view test.security test has been created in the test VDB.
...