Skip to main content
Creates a masking policy, which allows dynamically transforming or masking column values for specific users or roles when they query a table.
Masking policies provide column-level data security by transforming sensitive data at query time without modifying the stored data.
Syntax:

UPDATE Clause

The UPDATE clause specifies which columns to mask and how to transform them. You can mask multiple columns in a single policy. Examples:
  • Simple masking: UPDATE email = '***masked***'
  • Partial masking: UPDATE email = concat(substring(email, 1, 3), '***@***.***')
  • Hash-based masking: UPDATE email = concat('masked_', substring(hex(cityHash64(email)), 1, 8))
  • Multiple columns: UPDATE email = '***@***.***', phone = '***-***-****'

WHERE Clause

The optional WHERE clause allows conditional masking based on row values. Only rows matching the condition will have the masking applied. Example:

TO Clause

In the TO section, specify which users and roles the policy should apply to.
  • TO user1, user2: Apply to specific users/roles
  • TO ALL: Apply to all users
  • TO ALL EXCEPT user1, user2: Apply to all users except specified ones
Unlike row policies, masking policies do not affect users who don’t have the policy applied. If no masking policy applies to a user, they see the original data.

PRIORITY Clause

When multiple masking policies target the same column for a user, the PRIORITY clause determines the application order. Policies are applied in order from highest to lowest priority. Default priority is 0. Policies with the same priority are applied in an undefined order. Example:
Performance Considerations
  • Masking policies may impact query performance depending on expression complexity
  • Some optimizations may be disabled for tables with active masking policies
Last modified on July 3, 2026