Reputation: 5500
I implemented the Always Encrypted and Dynamic Data Masking concepts in my Azure SQL database on two different tables.
But I have a doubt: “Is it possible to apply dynamic data masking on an already encrypted column in the same table?”
I tried the above scenario and it gives an error like “The data type of column 'SSN' does not support data masking function 'partial'.”
I ran the query below to apply the masking on the already encrypted column:
ALTER TABLE [dbo].[CustomerTables]
ALTER COLUMN [SSN] ADD MASKED WITH (FUNCTION = 'partial(0,"XXX-XX-",4)');
Is it possible to apply the dynamic data masking on already encrypted column in same table?
Upvotes: 2
Views: 1310
Reputation: 596
No, currently encrypted columns cannot be masked. And, you cannot encrypt a column that has been masked.
With Dynamic Data Masking, masked values are produced on the server side. To produce a masked value (especially using a partial mask), SQL Server needs to know the original value (in plaintext). If a column is encrypted with Always Encrypted, SQL Server only knows ciphertext and it cannot decrypt it - only a client application can decrypt the values stored in encrypted columns.
Upvotes: 3
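A check that follows from the answer above, as an added example that is not part of the original question or answer: before attempting `ADD MASKED` or column encryption, list each column's Always Encrypted and masking state from the catalog views. It assumes SQL Server 2016+ or Azure SQL Database and reuses the table name `dbo.CustomerTables` from the question.

```sql
-- Added example: per-column encryption and masking state for the table
-- named in the question, read from the SQL Server / Azure SQL catalog views.
SELECT
    s.name                      AS schema_name,
    t.name                      AS table_name,
    c.name                      AS column_name,
    TYPE_NAME(c.user_type_id)   AS data_type,
    c.encryption_type_desc,     -- DETERMINISTIC or RANDOMIZED; NULL if not encrypted
    cek.name                    AS column_encryption_key,
    c.is_masked,                -- 1 if a Dynamic Data Masking function is defined
    mc.masking_function,        -- e.g. partial(0,"XXX-XX-",4)
    CASE
        WHEN c.encryption_type IS NOT NULL
            THEN 'Always Encrypted: server sees ciphertext only, mask cannot be added'
        WHEN c.is_masked = 1
            THEN 'Masked: cannot be encrypted'
        ELSE 'Plaintext, unmasked'
    END                         AS column_state
FROM sys.columns AS c
JOIN sys.tables  AS t
    ON t.object_id = c.object_id
JOIN sys.schemas AS s
    ON s.schema_id = t.schema_id
LEFT JOIN sys.masked_columns AS mc
    ON mc.object_id = c.object_id
   AND mc.column_id = c.column_id
LEFT JOIN sys.column_encryption_keys AS cek
    ON cek.column_encryption_key_id = c.column_encryption_key_id
WHERE s.name = N'dbo'
  AND t.name = N'CustomerTables'
ORDER BY c.column_id;
```

For the `SSN` column in the question, a non-NULL `encryption_type_desc` in this output identifies it as the kind of column for which the `ALTER COLUMN ... ADD MASKED` statement fails.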