Up next in 10
How To Implement Dynamic Data Masking in Fabric Data Warehouse
5K views
Jan 29, 2024
In this video, I talked about how to implement dynamic data masking in fabric data warehouse.
View Video Transcript
0:00
Hi, in this video, I'm going to show you how to implement dynamic data masking in Fabric
0:10
Data Warehouse. So, let's get started. Basically, a dynamic data masking is one of the security features in SQL Server and now
0:20
in Fabric Data Warehouse that helps to protect and limit the exposure of sensitive data to
0:26
non-privileged and unauthorized users. So in this video, quickly, I'm going to show you how we can implement that across different
0:34
users in our organization. Enough of talking, let's get started. In this case, I do have this data masking warehouse workspace created
0:43
And of course, I brought in the data from Excel using the Data Flow Gen 2
0:47
And of course, the data is loaded into the hld underscore info data warehouse
0:53
I'm going to come into the warehouse so we can see the M records table
0:57
And of course, you can see different kind of columns such as the M ID, full name, gender
1:02
marital status, email, date of hire, year in service. We can also see other columns such as the qualifications, the department, the national
1:11
insurance number, annual salary, and the pension. Now, I'm going to go back to the workspace
1:16
So basically, I share this workspace, the data warehouse, particularly to one of the
1:21
users in my organization. I click on this horizontal ellipsis and then manage access
1:26
There we go. So we can see Enoch Abiola, who is just a viewer
1:31
So I'm going to go to the Chrome. And this is users
1:35
I shared the data warehouse weight. So Enoch Abiola. And of course, you can see under the workspaces that data masking warehouse is visible to
1:44
this particular user. And of course, we can see the warehouse itself
1:49
There we go. We can see the M records table. And of course, we can see all the columns such as the M ID, full name, and so on and
1:56
so forth. Just like what I can see as the admin, as the owner of the particular workspace
2:03
So in this case, there is absolutely no masking applied to any of the columns
2:09
I'm going to go back to Edge and let's go to the warehouse itself
2:13
So we'll actually create a new query. So new query window. Now first, let's actually write a simple select top three star from the M records table
2:26
So let's run and just see the top three rows. So there we go
2:31
Now, I'm just going to move this down a little bit. So I'm going to put in a semicolon
2:35
And now let's apply data masking to the monitor status and the email address columns first
2:42
So I'm going to use the alter table. I want to alter the M records
2:47
So we'll alter the column, which column the, in this case, monitor status
2:53
So I'm going to get rid of this. Okay, so we'll actually add masked weights and then open a bracket
3:02
So I'm going to call functions. We want to apply the default data masking
3:07
So I'm just going to call it default with open and close in a bracket and I can close
3:12
this function. Now this is all done. So let's just go ahead and copy this
3:17
I'm going to copy this and put in a semicolon control V
3:21
So we want to apply masking to the email. So I'm going to get rid of this particular monitor status and let's replace with email
3:29
So I'm going to run the two queries. So there we go
3:34
So you can see succeeded just in 739 milliseconds. So of course, when I actually call the table, I can see all the records, the column because
3:45
I'm the admin. Okay, let's go to Chrome and in this case, I'm going to refresh the page
3:51
And after the refresh, you can see the monitor status, the email address columns are now masked
3:58
So the person can actually see those information and that is super cool
4:02
Let's go back to the admin, the edge. So let's apply the dynamic masking
4:10
So the annual salary, that's going to be annual salary and the pension. So control C, let's put in a semicolon control V, semicolon control V
4:18
So I'm going to replace this with annual salary and get rid of this and want to replace email
4:25
with pension. So we want to apply the default. So select the two queries again, click on run and oh, there's a problem
4:34
We already select the query. Okay. And then click on run and there we go
4:40
So we can see succeeded just in 598 milliseconds. That's fine. Let's go back to the Chrome and I'm going to refresh
4:53
And when I scroll to the right, I can see we have bunch of zeros for the annual salary
4:59
and then pension. So this is working fine. So this is a way of actually hiding those important information
5:05
So for the last part, we actually want to hide some of the national insurance number
5:10
Now in this case, we have the two letters to the left side of the cells and then we
5:15
have the separator which is the iPhone and of course we have about six numbers
5:19
So we want to actually hide these two letters and then the six numbers and they won't expose
5:24
only the last letters to the right. So let's go back to the user, the admin user
5:32
So I'm going to scroll down. Now I'm just going to copy this. Ctrl C. So let's Ctrl V
5:38
Now to get rid of this pension and NI underscore number. Now I want to apply the partial masking to this national insurance
5:49
So I'm going to get rid of this default. Okay. So first, I'm going to call the single quote and then I'm going to type in the partial
5:55
Now the partial requires three arguments, the starting index and the second argument
6:00
is the replacement string and the third one is the length of substring to be replaced
6:04
So let's call the function the partial open bracket and let's close the bracket for now
6:08
Now inside the bracket, we want to actually start from zero and then put in the comma
6:14
Now I'm going to open two double quotes. Now inside the double quotes, let's go back to the data
6:19
We actually want to hide the two letters to the left and then the six numbers in between
6:25
So that's going to be XX and then the separate to the iPhone XXX XXX six times
6:31
So and then of course, we have to put in the iPhone again and then I'm going to put in
6:35
a comma and then we want to expose the last letter to the right or the CYU and so on
6:42
So all things being equal, this is fine. So let's go ahead and execute or run the query
6:48
And let me scroll up. There we go. Succeeded just in one second, 516 milliseconds
6:55
So let's go back to the other user and let's refresh the URL
7:03
Okay, I'm going to scroll to the right and there we go. So we can see the national insurance number are masked
7:11
So we can only see the last letter to the right side of the cells
7:17
Basically how we can apply dynamic data masking in Fabric Data Warehouse
7:22
I trust you enjoyed this video. Do like, share with your friends and comment
7:26
Thank you and bye for now. Cheers
#Data Management
#Enterprise Technology