CREATE MASKING POLICY - Amazon Redshift
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

CREATE MASKING POLICY

Creates a new dynamic data masking policy to obfuscate data of a given format. For more information on dynamic data masking, see Dynamic data masking.

Superusers and users or roles that have the sys:secadmin role can create a masking policy.

Syntax

CREATE MASKING POLICY policy_name [IF NOT EXISTS] WITH (input_columns) USING (masking_expression);

Parameters

policy_name

The name of the masking policy. The masking policy can't have the same name as another masking policy that already exists in the database.

input_columns

A tuple of column names in the format (col1 type, col2 type ...).

Column names are used as the input for the masking expression. Column names don't have to match the names of the columns being masked, but the input and output data types must match.

masking_expression

The SQL expression used to transform the target columns. It can be written using data manipulation functions such as String manipulation functions, or in conjunction with user-defined functions written in SQL, Python, or with Amazon Lambda. You can include a tuple of column expressions for masking policies that have multiple outputs. If you use a constant as your masking expression, you must explicitly cast it to a type that matches the input type.

You must have the USAGE permission on any user-defined functions that you use in the masking expression.