Links
Comment on page

MSCEWI4057

Masking role must be defined previously by the user.

Severity

Low

Description

This is EWI occurs when a MASKING POLICY is created and a role or privilege must be linked to it so the data masking could work properly.

Code Example

Input code

ALTER TABLE tableName
ALTER COLUMN columnName
ADD MASKED WITH (FUNCTION = 'partial(1, "xxxxx", 1)');

Output code:

1
/*** MSC-WARNING - MSCEWI4057 - MASKING ROLE MUST BE DEFINED PREVIOUSLY BY THE USER ***/
2
CREATE OR REPLACE MASKING POLICY "partial_1_xxxxx_1" AS
3
(val STRING)
4
RETURNS STRING ->
5
CASE
6
WHEN current_role() IN ('YOUR_DEFINED_ROLE_HERE')
7
THEN val
8
ELSE LEFT(val, 1) || 'xxxxx' || RIGHT(val, 1)
9
END;
As shown on line 6, there is a placeholder where the defined roles can be placed. There is room for one o several values separated by commas. Also, here, the use of single qoutes is mandatory for each of the values.

Recommendations