0 0
Read Time:1 Minute, 56 Second

During this post we will discuss about the Conditional Policy in snowflake. Conditional Policy is a type of Column Level Security policy to dynamically mask data at query time in one column based on the value of other column. In other words, a masking policy to selectively protect the column data in a table base on values in one or more different columns.

Conditional masking policy specifies two arguments, CARD and SERVICE_CD, and these arguments are column names. The first column always specifies the column to mask. The second column is a conditional column to evaluate whether the first column should be mask or not.

Consider a scenario where we have customer Info table. Table contains Credit Card details of the all banks i.e. HDFC,ICICI,AMEX,SBI along with customer data. However, The Same table is being accessed by the respective Credit card representative. As part of the security layer one Bank representative should not be authorized to access the details of other Bank credit card. Example HDFC representative should access ICICI or SBI or other banks. We have implemented conditional masking on the Customer Table.

Below table stores the Credit card details:

User_Info
  • Create the Masking Policy
    • CARD should be mask.
    • SERVICE_CD determines the condition if CARD to be mask or not.

create or replace masking policy card_visibility as

(CARD varchar, Service_Cd string) returns varchar ->

case

when current_role() = 'HDFCREP' and CONTAINS(Service_Cd,'HDFC') =TRUE then CARD

when current_role() = 'AMEXREP' and CONTAINS(Service_Cd,'AMEX') =TRUE then CARD

when current_role() = 'ICICIREP' and CONTAINS(Service_Cd,'ICIC') =TRUE then CARD

else '***MASKED***'

end;

  • Apply Masking Policy on CARD Column.

alter table if exists user_info modify column CARD set masking policy card_visibility using (CARD, Service_Cd);

  • Create the below Roles.
    • HDFCRep
    • AMEXRep
  • Assign Roles to the User.
  • Grant the required privilege’s to Select the table.
Roles and Users

Login with HDFC and verify the result.

HDFC Roles

Login with AMEX and verify the result.

AMEX Role

Hence we can see Data gets mask based on the Authorized Role.

About Post Author

Sachin Mittal

sachin.mittal04@gmail.com
https://cloudyard.in
Happy
0 %
Sad
0 %
Excited
0 %
Sleepy
0 %
Angry
0 %
Surprise
0 %

Related articles

SHARE Restrictions in Snowflake
Snowflake Admin

SHARE Restrictions in Snowflake

By Sachin Mittal
Data Sharing with Listing in snowflake
Snowflake Admin

Data Sharing with Listing in snowflake

By Sachin Mittal
Execute Immediate From Stage
Snowflake Admin

Execute Immediate From Stage

By Sachin Mittal
Schema Evolution with CSV
Snowflake Admin

Schema Evolution with CSV

By Sachin Mittal
Streams on Consumer Account
Snowflake Admin

Streams on Consumer Account

By Sachin Mittal

Average Rating

5 Star
0%
4 Star
0%
3 Star
0%
2 Star
0%
1 Star
0%
(Add your review)

Leave a Reply

Your email address will not be published. Required fields are marked *

Search
Social profiles

Dynamic Merge in Snowflake

Credit Consumption Notification by Role

Identifying Table Types Within a Session

Customer Segmentation with Snowpark

Keeping an Eye on Your Snowflake Warehouse: Automated Monitoring and Email Alerts

Exploring Books with Snowpark and Streamlit

Automating Dynamic Table Creation with Event Logging

Simplifying Data Processing with Snowpark