MSCEWI4057

Masking role must be defined previously by the user.

Severity

Low

Description

This is EWI occurs when a MASKING POLICY is created and a role or privilege must be linked to it so the data masking could work properly.

Code Example

Input code

ALTER TABLE tableName
ALTER COLUMN columnName
ADD MASKED WITH (FUNCTION = 'partial(1, "xxxxx", 1)');

Output code:

/*** MSC-WARNING - MSCEWI4057 - MASKING ROLE MUST BE DEFINED PREVIOUSLY BY THE USER ***/
CREATE OR REPLACE MASKING POLICY "partial_1_xxxxx_1" AS
(val STRING)
RETURNS STRING ->
CASE
WHEN current_role() IN ('YOUR_DEFINED_ROLE_HERE')
THEN val
ELSE LEFT(val, 1) || 'xxxxx' || RIGHT(val, 1)
END;

As shown on line 6, there is a placeholder where the defined roles can be placed. There is room for one o several values separated by commas. Also, here, the use of single qoutes is mandatory for each of the values.

Recommendations

Last updated