This is a part of series “Stairway to being an Azure SQL DBA“, where I will be covering all the topics that an Azure SQL DBA should know about.
Dynamic Data masking is hiding the confidential information from the users which do not need to have access to some information, previously we had the option to either encrypt the column or use a View without the concerned column. The drawback of that was many a times these columns are required to do some meaningful data analysis and becomes compulsion to provide access to the developers who otherwise would not have the access.
To know how Dynamic Data Masking works in SQL Server check my previous blog here.
As with many other DBA tasks this one is also much easier in Azure SQL Database.
Dynamic Data Masking in Azure SQL Database
To start with I have created an Azure SQL Database with sample adventure works database. In here there is a table called Customer having the email id of customers.
Once you have identified the data to mask, go to the Azure portal, SQL Server and then the concerned database. Click on the Dynamic Data Masking tab under Security section.
As you can see currently we are not having any masking rule, let’s go ahead and create a rule to mask the email id for the customers. For that I need to click on + Add mask and fill in the required details as below and click Add.
I have selected the masking field format as email, which is the system provided format created to mask the email-id only.
Once the masking rule is enabled, any not having the access to unmask the data will see it like below.
Dynamic Data Masking is a very easy to use feature in SQL Server to hide the information from users without actually making any modification to the actual data. In Azure implementing Dynamic Data masking is even easier.