This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 6%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
Hi All,
I am trying to grant unmask access for a security group for a specific table and for a specific column however im getting a the below error message.
query executed.
GRANT UNMASK ON schemaName.tablename(ColumnName) TO [Account that requires access, in my case a security group]
error message :
Msg 102, Level 15, State 1, Line 0
Incorrect syntax near 'UNMASK'.
Anyone experience this issue and how does one resolve this?
Regards
We have not received a response from you. Did the reply could help you? If the response helped, do "Accept Answer". If it doesn't work, please let us know the progress. By doing so, it will benefit all community members who are having this similar issue. Your contribution is highly appreciated.
See
=> example G. Grant UNMASK permission on a column for the correct syntax.
Hi Olaf,
I used the below and still get the error in MS SQL 2017. This script does work on SQL 2022 but not SQL 2017. Is there something different in the script that i need to change so that it works on SQL 2017?
GRANT UNMASK ON OBJECT::schemaName.tablename (ColumnName) to [Account that requires access, in my case a security group];
GO
Msg 102, Level 15, State 1, Line 3
Incorrect syntax near 'UNMASK'.
Thanks for your help so far
Regards
Hi,
I found out its a SQL version restriction SQL 2017 cant do column level unmask. How does one grant unmask on a table level for a account ?
SQL version is SQL 2017
Script used
GRANT UNMASK ON schemaName.tablenameto [Account that requires access, in my case a security group];
error im still getting
Msg 102, Level 15, State 1, Line 3
Incorrect syntax near 'UNMASK'.
Regards
Hi,Kevin
Starting from SQL Server 2022, dynamic data masking supports granting UNMASK permission at the column level.
Details refer to https://learn.microsoft.com/en-us/sql/relational-databases/security/dynamic-data-masking?view=sql-server-ver16#granular
So in SQL Server 2017, you cannot grant UNMASK permission on a specific column.
The executable statement is as follows:
GRANT UNMASK TO [UserOrGroupName];
Hi,
I found out its a SQL version restriction SQL 2017 cant do column level unmask. How does one grant unmask on a table level for a account ?
SQL version is SQL 2017
Script used
GRANT UNMASK ON schemaName.tablenameto [Account that requires access, in my case a security group];
error im still getting
Msg 102, Level 15, State 1, Line 3
Incorrect syntax near 'UNMASK'.
Regards
Unfortunately
GRANT UNMASK does not support usage on specific schemas or tables in sql server 2017.
Once a user is granted UNMASK permission, the dynamic masking feature of the entire database becomes ineffective for them (provided they have SELECT permissions on other tables).
So you can only execue this statement:
GRANT UNMASK TO [UserOrGroupName];
Users with UNMASK permission can see unmasked data. If you do not want a certain account to see the raw data, make sure not to give that account UNMASK permission.
So if you must use it this way, please be very careful about that user's select permissions on other tables with dynamic masking.
You may consider the following alternatives:
Create a view that selects the specific table and columns for which you want the user to see the raw data. Then, you can grant the user SELECT permission on this view. For example:
CREATE VIEW UnmaskedView AS SELECT Column1, Column2, UnmaskedColumn FROM YourTable;
GRANT SELECT ON UnmaskedView TO [AccountName];