Snowflake-Labs / terraform-provider-snowflake

Terraform provider for managing Snowflake accounts
https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest
MIT License

Conditional Masking Policy #1656

Open amit0904 opened 1 year ago

amit0904 commented 1 year ago

Snowflake allows creating a conditional masking policy:

https://docs.snowflake.com/en/sql-reference/sql/create-masking-policy#example-conditional-masking-policy

-- Conditional Masking

create masking policy email_visibility as
(email varchar, visibility string) returns varchar ->
  case
    when current_role() = 'ADMIN' then email
    when visibility = 'Public' then email
    else '***MASKED***'
  end;

Support for multiple value_data_type

resource "snowflake_masking_policy" "example_masking_policy" {
  name               = "EXAMPLE_MASKING_POLICY"
  database           = "EXAMPLE_DB"
  schema             = "EXAMPLE_SCHEMA"
  value_data_type    = "email varchar, visibility string"
  masking_expression = "case when current_role() in ('ANALYST') then val else sha2(val, 512) end"
  return_data_type   = "string"
}

dlouseiro commented 1 year ago

We're also in need of this feature!

sfc-gh-jmichalak commented 2 weeks ago

Hi, sorry for the late response. We've released v0.96.0, which includes adjusting and fixing masking policies. Please upgrade with the migration guide.
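
For readers landing on this issue, the `email_visibility` policy from the first comment could be declared as below. This is an added example, not code from the thread or from the provider's maintainers; it assumes the v0.96.0 resource schema uses repeated `argument` blocks and a `body` attribute (check the migration guide for your version), and it reuses the database and schema names from the issue's snippet.

```hcl
# Added example: assumes the v0.96.0+ schema (`argument` blocks, `body`).
resource "snowflake_masking_policy" "email_visibility" {
  name     = "EMAIL_VISIBILITY"
  database = "EXAMPLE_DB"     # name reused from the issue's snippet
  schema   = "EXAMPLE_SCHEMA" # name reused from the issue's snippet

  # First argument: the column being masked. Its type must match
  # return_data_type, because the policy returns the column's own type.
  argument {
    name = "EMAIL"
    type = "VARCHAR"
  }

  # Further arguments are the conditional columns the policy reads to decide
  # whether to mask. STRING in the issue's SQL is a synonym for VARCHAR.
  argument {
    name = "VISIBILITY"
    type = "VARCHAR"
  }

  # Same logic as the SQL in the first comment: ADMIN always sees the value,
  # everyone else only sees rows flagged Public.
  body = <<-EOT
    case
      when current_role() = 'ADMIN' then EMAIL
      when VISIBILITY = 'Public' then EMAIL
      else '***MASKED***'
    end
  EOT

  return_data_type = "VARCHAR"
}
```

When the policy is attached to a column, Snowflake binds the conditional column with a `USING (email, visibility)` clause on `ALTER TABLE ... MODIFY COLUMN ... SET MASKING POLICY`, so the table must carry both columns.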