On Tue, Aug 23, 2022 at 1:10 PM Andrés de la Peña <adelap...@apache.org> wrote:
> One thought: The way the CEP is currently written, it is only possible to >> mask a column one way. You can only define one masking function for a >> column, and since you use the original column name, you could only return >> one version of it in the result set, even if you had a way to define >> several functions. >> > > Right, it's one single type of mapping per the column, declared on > CREATE/ALTER TABLE statements. Also, users can manually specify their own > masking function in SELECT statements if they have permissions for seeing > the clear data. > > For those cases where the data is automatically masked for an unprivileged > user, I don't see the use of including different types of masking for the > same column into the same result set. Instead, we might be interested on > having different types of masking associated to different roles. We could > do so with dedicated CREATE/DROP/LIST MASK statements, instead of using the > CREATE/ALTER/DESCRIBE TABLE statements. That CREATE MASK statement would > associate a masking function to a column and role. However, I'm not sure we > need that type of granularity instead of the simplicity of attaching the > masking to the column declaration. wdyt? > > > My gut feeling likewise is that this adds complexity but little value. > >> -- Henrik Ingo +358 40 569 7354 <358405697354> [image: Visit us online.] <https://www.datastax.com/> [image: Visit us on Twitter.] <https://twitter.com/DataStaxEng> [image: Visit us on YouTube.] <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.youtube.com_channel_UCqA6zOSMpQ55vvguq4Y0jAg&d=DwMFaQ&c=adz96Xi0w1RHqtPMowiL2g&r=IFj3MdIKYLLXIUhYdUGB0cTzTlxyCb7_VUmICBaYilU&m=bmIfaie9O3fWJAu6lESvWj3HajV4VFwgwgVuKmxKZmE&s=16sY48_kvIb7sRQORknZrr3V8iLTfemFKbMVNZhdwgw&e=> [image: Visit my LinkedIn profile.] <https://www.linkedin.com/in/heingo/>
