An example of the operation on the server is shown below.
Create a masking policy
Execute the pgx_create_confidential_policy system management function to create a masking policy.
The following values are configured in this example.
- Masking target: Numeric type c1
- Masking type: FULL
- Masking condition: '1=1'
postgres=# select pgx_create_confidential_policy(table_name := 't1', policy_name := 'p1', expression := '1=1', column_name := 'c1', function_type := 'FULL'); pgx_create_confidential_policy --------------------------------- t (1 row)
Confirm the displayed data
Confirm that the masking target data (column c1) has been correctly changed.
postgres=# select * from t1; c1 | c2 ----+--------------- 0 | 012-3456-7890 0 | 012-3456-7891 0 | 012-3456-7892 (3 row)
See
Refer to "B.4.2 pgx_create_confidential_policy" for information on the pgx_create_confidential_policy system management function.
Note
Only one masking policy can be created per table.
All users can view the masking policy created, so do not grant the login privilege of the database where this feature is set to the users who refer to the changed data. Masking policies are defined in the "pgx_confidential_columns", "pgx_confidential_policies" and "pgx_confidential_values" tables.
