Dynamic Data Masking in Azure SQL Database

This is a part of series “Stairway to being an Azure SQL DBA“, where I will be covering all the topics that an Azure SQL DBA should know about.

Dynamic Data masking is hiding the confidential information from the users which do not need to have access to some information, previously we had the option to either encrypt the column or use a View without the concerned column. The drawback of that was many a times these columns are required to do some meaningful data analysis and becomes compulsion to provide access to the developers who otherwise would not have the access.

To know how Dynamic Data Masking works in SQL Server check my previous blog here.

As with many other DBA tasks this one is also much easier in Azure SQL Database.

Dynamic Data Masking in Azure SQL Database

To start with I have created an Azure SQL Database with sample adventure works database. In here there is a table called Customer having the email id of customers.

Unmasked data

Once you have identified the data to mask, go to the Azure portal, SQL Server and then the concerned database. Click on the Dynamic Data Masking tab under Security section.

DDM in portal

As you can see currently we are not having any masking rule, let’s go ahead and create a rule to mask the email id for the customers. For that I need to click on + Add mask and fill in the required details as below and click Add.

Masking rule

I have selected the masking field format as email, which is the system provided format created to mask the email-id only.

Once the masking rule is enabled, any not having the access to unmask the data will see it like below.

masked data

Conclusion

Dynamic Data Masking is a very easy to use feature in SQL Server to hide the information from users without actually making any modification to the actual data. In Azure implementing Dynamic Data masking is even easier.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s