Dynamic Data Masking
Dynamic Data Masking (DDM) can mask sensitive data in the SQL Editor query result based on the context. It helps organizations to protect sensitive data from being exposed to unauthorized users.
How Dynamic Masking works
Bytebase dynamic masking transforms the original column data to the masked form in 2 steps:
Determine the effective column masking level
Bytebase defines 3 masking levels: No Masking
, Partial Masking
, Full Masking
.
The effective column masking level is determined by the inherent column masking level and the user access grant.
Inherent Column Masking Level | User Access Grant | Effective Column Masking Level |
---|---|---|
No Masking | No Masking | No Masking |
Partial Masking | No Masking | |
Partial Masking | No Masking | No Masking |
Partial Masking | Partial Masking | |
Full Masking | No Masking | No Masking |
Partial Masking | Partial Masking |
Determine the masking algorithm
Once the masking level is determined, the next step is to determine the corresponding masking algorithm.
Bytebase provides the default masking algorithm for Partial Masking
and Full Masking
:
- Partial Masking. Use
*
to cover the start and end of the text. - Full Masking. Use
*
to cover all text.
You can also customize the masking algorithm and specify it on the column.
Further, if you want to manage masking algorithms for different column categories, you can use Semantic Types.