Dynamic Data Masking on BigQuery
BigQuery recently launched support for dynamic data masking, which means we can obscure column data for groups of users. It can also be used in combination with column-level access control, as we saw in my last article.
We assume you have basic experience with BigQuery, and an idea about column-level access control on BigQuery using Data Catalog. Please check this article if you need more context.
Use Case
A company called Datapath needs all its employees to have access to a contact table on BigQuery, but by default nobody should be able to see the email and id columns. On the other hand, a special team A requires access to the id column and needs a way to use the email column for joins.
Given this scenario, we propose the following Policy Tag Taxonomy and Data Masking Rules.
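Team A's join requirement is what a deterministic hash mask, such as BigQuery's Hash (SHA256) rule, provides and what a Nullify rule does not; the local Python simulation below shows the difference. It is an added example, not code from this article or from BigQuery: the `TICKETS` table, the sample rows, the group names, the hex encoding and the use of nullify for the default group are assumptions.

```python
import hashlib

# Constructed sample rows; every name except the `email` and `id` columns is an assumption.
CONTACTS = [
    {"id": "C-001", "name": "Ana", "email": "ana@datapath.example"},
    {"id": "C-002", "name": "Luis", "email": "luis@datapath.example"},
]
TICKETS = [  # hypothetical second table whose email column carries the same policy tag
    {"ticket": 17, "email": "luis@datapath.example"},
    {"ticket": 18, "email": "ana@datapath.example"},
    {"ticket": 19, "email": "luis@datapath.example"},
]

def sha256_mask(value):
    """Deterministic hash: equal inputs give equal outputs (hex is a local choice)."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()

def nullify(value):
    """Nullify-style rule: every value becomes NULL (None here)."""
    return None

# Masking per reader group and column; columns not listed are returned unchanged.
RULES = {
    "employee": {"email": nullify, "id": nullify},  # assumed default for all employees
    "team_a": {"email": sha256_mask},               # id stays readable for team A
}

def read(table, group):
    """Return the rows as the given group would see them."""
    rules = RULES[group]
    return [{c: rules[c](v) if c in rules else v for c, v in row.items()} for row in table]

def join_on_email(left, right):
    """Inner join on email; as in SQL, NULL never matches NULL."""
    return [
        {**l, **r}
        for l in left
        for r in right
        if l["email"] is not None and l["email"] == r["email"]
    ]

def tickets_per_contact(group):
    """Count joined ticket rows per contact name for one reader group."""
    counts = {}
    for row in join_on_email(read(CONTACTS, group), read(TICKETS, group)):
        counts[row["name"]] = counts.get(row["name"], 0) + 1
    return counts
```
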
Step-by-step guide
1. Create a Policy Tag Taxonomy following the use case description
2. Add Data Masking Rules
2.1 Select ‘Contact_policies’ and click on ‘MANAGE DATA POLICIES’.