I want to mask all user privilege both Admin or owner cannot view mask table.

Srean Noem 40 Reputation points
2024-03-29T03:42:42.18+00:00

Dear Sir/Madam

https://learn.microsoft.com/en-us/sql/relational-databases/security/dynamic-data-masking?view=sql-server-ver16

Refer to link Official Microsoft above, Administrative users or roles such as sysadmin, serveradmin, or db_owner have CONTROL permissions on the database by design, and can view unmasked data.

So I would like to mask all user privilege both Admin or owner cannot view mask table.

Is it possible to mask table?

Regard & Thank

Srean

SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
13,837 questions
0 comments No comments
{count} votes

Accepted answer
  1. MikeyQiaoMSFT-0444 3,105 Reputation points
    2024-03-29T08:04:38.4033333+00:00

    Hi,@Srean Noem

    Sysadmin and owner that you mentioned are database roles ,which are essentially user properties. You cannot modify the permissions that the roles themselves have, you can only modify the roles of users.

    Additionally, dynamic masking technology only disguises the original data at the presentation layer and does not restrict access to the original data for other users with appropriate permissions. If sensitive data is involved and access must be restricted to only the owner, it is recommended to use data encryption techniques such as symmetric encryption.

    2 people found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.