SQL Dynamic Data Masking

Updated

The Commvault software uses the SQL Dynamic Masking feature to hide sensitive information from non-privileged users by masking table values. With SQL Dynamic Data Masking, sensitive data in query results are masked if the query is run by a non-privileged user. However, data masking does not affect the data itself and the data can be accessed by all Commvault jobs.

Example

User Runs Query To List Tables for Which Dynamic Masking of Sensitive Data Is Enabled

SELECT tbl.name as table_name, c.name AS column_name, c.is_masked, c.masking_function  
FROM sys.masked_columns AS c  
JOIN sys.tables AS tbl   
    ON c.object_id = tbl.object_id  
WHERE is_masked = 1
order by tbl.name
        
    

Results for Privileged User

name

net_hostname

csHostName

displayName

A_Client

xyz.abc.commvault.com

xyz.abc.commvault.com

Client1

B_Client

abc.def.commvault.com

xyz.abc.commvault.com

Client2

Another_Client

rst.uvw.commvault.com

xyz.abc.commvault.com

Client3

Fourth_Client

test

xyz.abc.commvault.com

Client4

Results for Non-Privileged User

name

net_hostname

csHostName

displayName

xxxxxnt

xxxxxcom

xxxxxcom

Cxxxx1

x_xxxxnt

axxxxcom

xxxxxcom

Cxxxx2

Anxxxx_Client

rxxxxcom

xxxxxcom

Cxxxx3

Fourth_xxxxxx

txxx

xxxxxcom

Cxxxx4