Exploring dynamic data masking
With the new SQL Server 2016 Dynamic Data Masking (DDM), you have an additional tool that helps you limit the exposure of sensitive data by masking it to non-privileged users. The masking is done on the SQL Server side, and thus you don't need to implement any changes to applications to start using it. DDM is available in Standard, Enterprise, and Developer editions.
This section introduces DDM, including:
- Defining masked columns
- DDM limitations
Defining masked columns
You define DDM at the column level. You can obfuscate values from a column in a table by using four different masking functions:
- The
default
function implements full masking. The mask depends on the data type of the column. A string is masked by changing each character of a string toX
. Numeric values are masked to zero. Date and time data type values are masked to "01.01.2000 00:00:00.0000000" (without double quotes). Binary data is masked to a single byte of ASCII value 0. - The...