Tags
Advanced SQL Interview Questions and Answers, Advanced SQL tutorial pdf, any recommended websites for sql puzzles, Best SQL Puzzles, Buy SQL Server Interview Questions Book Online at Low Price, COmples tSQL puzzles, Complex SQL Challenges, complex sql statement(puzzle), Complex tsql, Complex TSQL Challenge, convert string to proper case in sql server, Data Masking in Sql, Deafult Masking Function, Divide rows into two columns, Download SQL Questions, Download SQL Server Interview Question in PDF, Download SQL SERVER Interview questions, Download SQL Server Interview questions and answers, download sql server interview questions and answers pdf, download sql server interview questions by Pawan Khowal, download sql server interview questions by Pawan Kumar, download sql server interview questions by Pawan Kumar Khowal, Download T-SQL Interview Questions, DROP MASKED, Dynamic Data Masking, Dynamic Data Masking in Sql, Dynamic Data Masking in Sql Server 2016, Email Masking in Sql, Free Download SQL SERVER Interview questions, Get Next Value Puzzle, Huge blank areas in database field, Improve SQL Skills, Interview Puzzles in SQL Server, Interview Qs.SQL SERVER Questions, Interview questions and Answers for MS SQL Server designing, Interview Questions and Answers For SQL, Interview questions on Joins, Interview Questions on SQL, Interview SQL Puzzles, InterviewQuestions, InterviewQuestions for SQL, Learn complex SQL, Learn SQL, Learn T-SQL, Masking in Sql, Masking in Sql 2016, Masking in Sql Server, Microsoft SQL Server interview questions for DBA, MS SQL Server interview questions, MSBI Interview Questions, Objective Puzzle, Partial Masking in Sql, Pawan, Pawan Khowal, Pawan Kumar, Pawan Kumar Khowal, PL/SQL Challenges, Puzzle SQL, puzzle sql developer, Puzzle SQl Server, Puzzles, PUzzles in SQL SERVER, Queries for SQL Interview, Random Masking in Sql, Remove Huge Multiple Spaces from a DB Fields, Remove Msking, Remove Multiple Spaces from a DB Fields, Security Features, Separate Int and char from a string column, Single Quote update SQL, SQL, SQL - The Pattern Puzzles, SQL 2012, SQL 2014, SQL 2014 Interview Questions, Sql 2016, SQL Challenge, SQL Challenges, SQL Extreme Difficult Puzzle, SQL FAQ, SQL FAQs, sql group by only rows which are in sequence, SQL Interview Q & A, SQL Interview Questions, SQL Interview Questions - Part 2, SQL Interview Questions for SQL Professionals, SQL Joins, SQL Pattern Puzzles, SQL pl/sql puzzles, SQL prime number puzzle, SQL puzzle, SQL Puzzles, sql puzzles & answers, sql puzzles and answers free download, sql puzzles and answers pdf, sql puzzles for interview, sql puzzles oracle, SQL Queries, SQL Queries asked in interviews, SQL QUERY PUZZLES, SQL Query to Find Nth Highest Salary of Employee, SQL Questions, SQL Quiz, SQL Replace Puzzle, SQL Server, SQL Server - Common Interview Questions and Answers, SQL SERVER - Find Nth Highest Salary of Employee, SQL Server - General Interview Questions and Answers, sql server 2008 interview questions, SQL Server 2008 Interview Questions and Answers, Sql Server 2016, Sql Server 2016Custom Masking in Sql, SQL Server Database, SQL Server database developer interview questions and answers, sql server dba interview questions, SQL Server developer Interview questions and answers, SQL Server developer Interview questions with answers, SQL Server Developer T-SQL Interview Questions, SQL server filter index with LIKE and RIGHT function?, SQL Server Interview Puzzle, SQL SERVER Interview questions, SQL SERVER Interview questions & Answers, SQL Server Interview Questions - Part 1, SQL Server Interview questions and answers, SQL Server Interview Questions and Answers - Free PDF, SQL SERVER Interview questions and answers for experienced, sql server interview questions and answers for net developers, SQL Server Interview Questions And Answers.pdf, sql server interview questions by Pawan Khowal sql interview questions, SQL SERVER Interview questions pdf, SQL Server Interview Questions | MSBISKILLS.Com, SQL Server Interview Questions | MSBISKILLS.com Top 50 SQL Server Questions & Answers, SQL Server Interview Questions/Answers Part-1, SQL Server Puzzle, SQL SERVER Puzzles, SQL server Questions and Answers, SQL SERVER Tips, SQL Skills, SQL Sudoku, SQL Tips & Tricks, SQL Tips and Tricks, SQL Top clause, SQL Tough Puzzle, SQL Tricks, SQL Trikcy question, sql/database interview for puzzle sql developer, SQLBI Interview Questions, SQLSERVER, SUM of grouped COUNT in SQL Query, T SQL Puzzles, T-SQL Challenge, T-SQL Interview Questions | SQL Server Interviews and Jobs, T-SQL Puzzle, T-SQL Server Interview Questions, T-SQL Tricky Puzzles, The Status Puzzle, Top 10 Frequently Asked SQL Query Interview Questions, TOP 100 SQL SERVER INTERVIEW QUESTIONS QUERIES, Top 50 SQL Server Interview Question for Testers, Tough SQL Challenges, Tough SQL Puzzles, Tricky Questions, TSQL, TSQL Challenge, TSQL Challenges, TSQL Interview questions, TSQL Puzzle, TSQL Puzzles, TSQL Queries, UNMASK Permission
NEW T-SQL FEATURES IN SQL SERVER 2016 – XVIII | Dynamic Data Masking
In this post we shall check out the new features Microsoft introduced in SQL Server 2016 | Dynamic Data Masking
New feature – XVIII | Dynamic Data Masking
Dynamic data masking limits sensitive data exposure by masking it to non-privileged users.
Dynamic data masking helps prevent unauthorized access to sensitive data by enabling customers to designate how much of the sensitive data to reveal with minimal impact on the application layer. DDM can be configured on the database to hide sensitive data in the result sets of queries over designated database fields, while the data in the database is not changed. Dynamic data masking is easy to use with existing applications, since masking rules are applied in the query results. Many applications can mask sensitive data without modifying existing queries.
**-From Microsoft
More Details-
1. A central data masking policy acts directly on sensitive fields in the database.
2. Designate privileged users or roles that do have access to the sensitive data.
3. DDM features full masking and partial masking functions, as well as a random mask for numeric data.
4. Simple Transact-SQL commands define and manage masks.
Types of masks available are
1. Default
2. Email
3. Random
4. Custom String
Examples
Prepare data for examples of Dynamic Data Masking
-- CREATE TABLE testDataMASKING ( Id INT ,[Name] VARCHAR(100) ,DOJ DATETIME ,EmailId VARCHAR(100) ,Cell VARCHAR(20) ,Salary DECIMAL(38,2) ) GO INSERT INTO testDataMASKING VALUES (1,'Pawan',GETDATE() - 100 , 'Pawan@MSBISKILLS.COM','917-470-9890', 100000), (2,'Ramesh',GETDATE() - 20 , 'Ramesh@MSBISKILLS.COM','917-471-9890',1900000), (3,'Avtaar',GETDATE() - 19, 'Avtaar@MSBISKILLS.COM','917-470-9810',200000), (4,'Sharlee',GETDATE() - 200, 'Sharlee@MSBISKILLS.COM','917-470-3890',300000), (5,'Vaibhav',GETDATE() - 10, 'Vaibhav@MSBISKILLS.COM','917-470-9000',4000000), (6,'Ishu',GETDATE() - 18, 'Ishu@MSBISKILLS.COM','917-470-9981',900000), (7,'Chandar',GETDATE() - 19, 'Chandar@MSBISKILLS.COM','917-470-1234',190000), (8,'Kishan',GETDATE() - 45, 'Kishan@MSBISKILLS.COM','917-470-7634',180000) GO -- |
/*Create a Read only user*/
-- CREATE USER OnlyRead WITHOUT LOGIN GRANT SELECT ON testDataMASKING TO OnlyRead GO -- |
Current data that we need to mask
--
SELECT * FROM testDataMASKING
Id Name DOJ EmailId Cell Salary
----------- --------------- ------- ----------------------- -------------------------- -------------------- -------------
1 Pawan 2017-10-15 14:30:29.903 Pawan@MSBISKILLS.COM 917-470-9890 100000.00
2 Ramesh 2018-01-03 14:30:29.903 Ramesh@MSBISKILLS.COM 917-471-9890 1900000.00
3 Avtaar 2018-01-04 14:30:29.903 Avtaar@MSBISKILLS.COM 917-470-9810 200000.00
4 Sharlee 2017-07-07 14:30:29.903 Sharlee@MSBISKILLS.COM 917-470-3890 300000.00
5 Vaibhav 2018-01-13 14:30:29.903 Vaibhav@MSBISKILLS.COM 917-470-9000 4000000.00
6 Ishu 2018-01-05 14:30:29.903 Ishu@MSBISKILLS.COM 917-470-9981 900000.00
7 Chandar 2018-01-04 14:30:29.903 Chandar@MSBISKILLS.COM 917-470-1234 190000.00
8 Kishan 2017-12-09 14:30:29.903 Kishan@MSBISKILLS.COM 917-470-7634 180000.00
(8 rows affected)
--
|
Example of Default Function Masking for Name and DOJ column
--
ALTER TABLE testDataMASKING
ALTER COLUMN [Name] ADD MASKED WITH (FUNCTION='DEFAULT()')
ALTER TABLE testDataMASKING
ALTER COLUMN DOJ ADD MASKED WITH (FUNCTION='DEFAULT()')
EXECUTE AS USER = 'OnlyRead';
SELECT * FROM testDataMASKING;
REVERT;
OUTPUT
Id Name DOJ EmailId Cell Salary
----------- -------------- ----------------------- --------------------------- -------------------- -----------------
1 xxxx 1900-01-01 00:00:00.000 Pawan@MSBISKILLS.COM 917-470-9890 100000.00
2 xxxx 1900-01-01 00:00:00.000 Ramesh@MSBISKILLS.COM 917-471-9890 1900000.00
3 xxxx 1900-01-01 00:00:00.000 Avtaar@MSBISKILLS.COM 917-470-9810 200000.00
4 xxxx 1900-01-01 00:00:00.000 Sharlee@MSBISKILLS.COM 917-470-3890 300000.00
5 xxxx 1900-01-01 00:00:00.000 Vaibhav@MSBISKILLS.COM 917-470-9000 4000000.00
6 xxxx 1900-01-01 00:00:00.000 Ishu@MSBISKILLS.COM 917-470-9981 900000.00
7 xxxx 1900-01-01 00:00:00.000 Chandar@MSBISKILLS.COM 917-470-1234 190000.00
8 xxxx 1900-01-01 00:00:00.000 Kishan@MSBISKILLS.COM 917-470-7634 180000.00
(8 rows affected)
--
|
Example of Function Masking for Email
--
ALTER Table testDataMASKING
ALTER COLUMN EmailId ADD MASKED WITH (FUNCTION='Email()')
EXECUTE AS USER = 'OnlyRead';
SELECT * FROM testDataMASKING;
REVERT;
OUTPUT
Id Name DOJ EmailId Cell Salary
----------- --------- ----- ----------------------- -------------------- --- -------------------- --------------
1 xxxx 1900-01-01 00:00:00.000 PXXX@XXXX.com 917-470-9890 100000.00
2 xxxx 1900-01-01 00:00:00.000 RXXX@XXXX.com 917-471-9890 1900000.00
3 xxxx 1900-01-01 00:00:00.000 AXXX@XXXX.com 917-470-9810 200000.00
4 xxxx 1900-01-01 00:00:00.000 SXXX@XXXX.com 917-470-3890 300000.00
5 xxxx 1900-01-01 00:00:00.000 VXXX@XXXX.com 917-470-9000 4000000.00
6 xxxx 1900-01-01 00:00:00.000 IXXX@XXXX.com 917-470-9981 900000.00
7 xxxx 1900-01-01 00:00:00.000 CXXX@XXXX.com 917-470-1234 190000.00
8 xxxx 1900-01-01 00:00:00.000 KXXX@XXXX.com 917-470-7634 180000.00
(8 rows affected)
--
|
Example of Partial Masking for Cell column
--
ALTER Table testDataMASKING
ALTER COLUMN Cell ADD MASKED WITH (FUNCTION = 'partial(1,"p",1)')
EXECUTE AS USER = 'OnlyRead';
SELECT * FROM testDataMASKING;
REVERT;
OUTPUT
Id Name DOJ EmailId Cell Salary
----------- ---------- - ----------------------- ----------------- ------- -- --------------
1 xxxx 1900-01-01 00:00:00.000 PXXX@XXXX.com 9p0 100000.00
2 xxxx 1900-01-01 00:00:00.000 RXXX@XXXX.com 9p0 1900000.00
3 xxxx 1900-01-01 00:00:00.000 AXXX@XXXX.com 9p0 200000.00
4 xxxx 1900-01-01 00:00:00.000 SXXX@XXXX.com 9p0 300000.00
5 xxxx 1900-01-01 00:00:00.000 VXXX@XXXX.com 9p0 4000000.00
6 xxxx 1900-01-01 00:00:00.000 IXXX@XXXX.com 9p1 900000.00
7 xxxx 1900-01-01 00:00:00.000 CXXX@XXXX.com 9p4 190000.00
8 xxxx 1900-01-01 00:00:00.000 KXXX@XXXX.com 9p4 180000.00
(8 rows affected)
--
|
Example of Random Masking on column Salary
--
ALTER Table testDataMASKING
ALTER COLUMN Salary ADD MASKED WITH (FUNCTION='Random(0,7)')
EXECUTE AS USER = 'OnlyRead';
SELECT * FROM testDataMASKING;
REVERT;
OUTPUT
Id Name DOJ EmailId Cell Salary
----------- --------- ----------------------- -------------------- ------- - ----------
1 xxxx 1900-01-01 00:00:00.000 PXXX@XXXX.com 9p0 3.69
2 xxxx 1900-01-01 00:00:00.000 RXXX@XXXX.com 9p0 1.24
3 xxxx 1900-01-01 00:00:00.000 AXXX@XXXX.com 9p0 3.35
4 xxxx 1900-01-01 00:00:00.000 SXXX@XXXX.com 9p0 2.90
5 xxxx 1900-01-01 00:00:00.000 VXXX@XXXX.com 9p0 1.98
6 xxxx 1900-01-01 00:00:00.000 IXXX@XXXX.com 9p1 0.05
7 xxxx 1900-01-01 00:00:00.000 CXXX@XXXX.com 9p4 0.12
8 xxxx 1900-01-01 00:00:00.000 KXXX@XXXX.com 9p4 5.51
(8 rows affected)
--
|
Drop All Masks and check data for readonly user
-- ALTER TABLE testDataMASKING ALTER COLUMN Salary DROP MASKED ALTER TABLE testDataMASKING ALTER COLUMN Cell DROP MASKED ALTER TABLE testDataMASKING ALTER COLUMN EmailId DROP MASKED ALTER TABLE testDataMASKING ALTER COLUMN DOJ DROP MASKED ALTER TABLE testDataMASKING ALTER COLUMN [Name] DROP MASKED EXECUTE AS USER = 'OnlyRead'; SELECT * FROM testDataMASKING; REVERT; -- |
OUTPUT after Masking removed for Onlyread user
--
Id Name DOJ EmailId Cell Salary
----------- ----------- --- ----------------------- ---------------------------- --- -------------------- --------------
1 Pawan 2017-10-15 14:30:29.903 Pawan@MSBISKILLS.COM 917-470-9890 100000.00
2 Ramesh 2018-01-03 14:30:29.903 Ramesh@MSBISKILLS.COM 917-471-9890 1900000.00
3 Avtaar 2018-01-04 14:30:29.903 Avtaar@MSBISKILLS.COM 917-470-9810 200000.00
4 Sharlee 2017-07-07 14:30:29.903 Sharlee@MSBISKILLS.COM 917-470-3890 300000.00
5 Vaibhav 2018-01-13 14:30:29.903 Vaibhav@MSBISKILLS.COM 917-470-9000 4000000.00
6 Ishu 2018-01-05 14:30:29.903 Ishu@MSBISKILLS.COM 917-470-9981 900000.00
7 Chandar 2018-01-04 14:30:29.903 Chandar@MSBISKILLS.COM 917-470-1234 190000.00
8 Kishan 2017-12-09 14:30:29.903 Kishan@MSBISKILLS.COM 917-470-7634 180000.00
(8 rows affected)
--
|
Notes
1. Creating a mask on a column does not prevent updates to that column.
2. Any user can update the data if they have write permissions.
3. If you use SELECT INTO or INSERT INTO to copy data from a masked column then you will get masked data in the target table.
4. Dynamic Data Masking is also applicable on SQL Server Import and Export.
5. Masking is not applicable on following column types – Encrypted columns (Always Encrypted), FILESTREAM, COLUMN_SET or sparse column and computed column.
Refer Microsoft LINK below for more details-
| 1. https://docs.microsoft.com/en-us/sql/relational-databases/security/dynamic-data-masking |
|---|
Enjoy !!! Keep Learning
Pawan Khowal
Http://MSBISkills.com
Improving my SQL BI Skills 
Pingback: NEW T-SQL FEATURES IN SQL SERVER 2016 | Complete List | Improving my SQL BI Skills