securitysnowflake-cloud-data-platformpolicymaskingpii

Is there a way to create a masking policy accessible across all databases and schemas in Snowflake?


I created a masking policy that I can apply across different schemas and databases. However, unless I recreate the masking policy in each database schema combination it won't let me apply the policy. It would throw Masking policy 'DATABASE_NAME.SCHEMA_NAME.POLICY_NAME' does not exist or not authorized. Until i create the masking policy with that database and schema selected.


Solution

  • @Kyle you simply define your masking policy in a separate DB/Schema, and you can reference it from any other DBs/Schemas.

    For example, you create policy_db.policy_schema.email_mask, then you can reference this policy using the absolute path in your apply query.

    alter table if exists user_info 
      modify column email set masking policy policy_db.policy_schema.email_mask;
    

    The policy does not have to be under the same DB/Schema where the table you want to apply sits under.