Versions Compared

Version Old Version 1 New Version 2
Changes made by

Matthew Girard

Matthew Girard

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tags and policies have been added for Confidential and Restricted in the dev environment for testing

...

Demo

A test view test.security test has been created in the test VDB.

Code Block
CREATE OR REPLACE VIEW security_test
    FOLDER = '/02-transformation'(
        hire_dt
        TAGS(confidential),
        termination_dt
        TAGS(confidential),
        annual_rt
        TAGS(confidential),
        date_of_birth
        TAGS(restricted),
        gender
        TAGS(restricted),
        race
        TAGS(restricted)
    ) AS
    SELECT '0001' AS emplid,
           'John Doe' AS name,
           cast('2024-11-01' AS TIMESTAMP) AS hire_dt,
           cast('2024-11-02' AS TIMESTAMP) AS termination_dt,
           100000.0 AS annual_rt,
           cast('1990-01-01' AS DATE) AS date_of_birth,
           'Male' AS gender,
           'Unknown' AS race
    FROM dual();

...

Each of these three queries demonstrates a different level of masking

General

Code Block
select * from test.security_test context('impersonate_roles' = 'general');

...

Confidential

Code Block
select * from test.security_test context('impersonate_roles' = 'confidential');

...

Restricted

Note that the confidential role has been added to restricted so it can satisfy any confidential policy restriction as well

Code Block
select * from test.security_test context('impersonate_roles' = 'restricted');

...