Data Masking Rules - Create Or Update
Creates or updates a database data masking rule.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/dataMaskingPolicies/Default/rules/{dataMaskingRuleName}?api-version=2025-01-01URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
database
|
path | True |
string |
The name of the database. |
|
data
|
path | True |
The name of the database for which the data masking policy applies. |
|
|
data
|
path | True |
string |
The name of the data masking rule. |
|
resource
|
path | True |
string minLength: 1maxLength: 90 |
The name of the resource group. The name is case insensitive. |
|
server
|
path | True |
string |
The name of the server. |
|
subscription
|
path | True |
string (uuid) |
The ID of the target subscription. The value must be an UUID. |
|
api-version
|
query | True |
string minLength: 1 |
The API version to use for this operation. |
Request Body
| Name | Required | Type | Description |
|---|---|---|---|
| properties.columnName | True |
string |
The column name on which the data masking rule is applied. |
| properties.maskingFunction | True |
The masking function that is used for the data masking rule. |
|
| properties.schemaName | True |
string |
The schema name on which the data masking rule is applied. |
| properties.tableName | True |
string |
The table name on which the data masking rule is applied. |
| properties.aliasName |
string |
The alias name. This is a legacy parameter and is no longer used. |
|
| properties.numberFrom |
string |
The numberFrom property of the masking rule. Required if maskingFunction is set to Number, otherwise this parameter will be ignored. |
|
| properties.numberTo |
string |
The numberTo property of the data masking rule. Required if maskingFunction is set to Number, otherwise this parameter will be ignored. |
|
| properties.prefixSize |
string |
If maskingFunction is set to Text, the number of characters to show unmasked in the beginning of the string. Otherwise, this parameter will be ignored. |
|
| properties.replacementString |
string |
If maskingFunction is set to Text, the character to use for masking the unexposed part of the string. Otherwise, this parameter will be ignored. |
|
| properties.ruleState |
The rule state. Used to delete a rule. To delete an existing rule, specify the schemaName, tableName, columnName, maskingFunction, and specify ruleState as disabled. However, if the rule doesn't already exist, the rule will be created with ruleState set to enabled, regardless of the provided value of ruleState. |
||
| properties.suffixSize |
string |
If maskingFunction is set to Text, the number of characters to show unmasked at the end of the string. Otherwise, this parameter will be ignored. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
Azure operation completed successfully. |
|
| 201 Created |
Resource 'DataMaskingRule' create operation succeeded |
|
| Other Status Codes |
An unexpected error response. |
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |
Examples
| Create/Update data masking rule for default max. |
| Create/Update data masking rule for default min. |
| Create/Update data masking rule for numbers. |
| Create/Update data masking rule for text. |
Create/Update data masking rule for default max.
Sample request
PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-6852/providers/Microsoft.Sql/servers/sqlcrudtest-2080/databases/sqlcrudtest-331/dataMaskingPolicies/Default/rules/rule1?api-version=2025-01-01
{
"properties": {
"aliasName": "nickname",
"columnName": "test1",
"maskingFunction": "Default",
"ruleState": "Enabled",
"schemaName": "dbo",
"tableName": "Table_1"
}
}
Sample response
{
"name": null,
"type": "Microsoft.Sql/servers/databases/dataMaskingPolicies/rules",
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-6852/providers/Microsoft.Sql/servers/sqlcrudtest-6852/databases/sqlcrudtest-331/dataMaskingPolicies/Default/rules/rule1",
"kind": null,
"location": "Central US",
"properties": {
"aliasName": "nickname",
"columnName": "test1",
"id": "dbo_Table_1_test1",
"maskingFunction": "Default",
"numberFrom": null,
"numberTo": null,
"prefixSize": null,
"replacementString": null,
"ruleState": "Enabled",
"schemaName": "dbo",
"suffixSize": null,
"tableName": "Table_1"
}
}{
"name": null,
"type": "Microsoft.Sql/servers/databases/dataMaskingPolicies/rules",
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-6852/providers/Microsoft.Sql/servers/sqlcrudtest-6852/databases/sqlcrudtest-331/dataMaskingPolicies/Default/rules/rule1",
"kind": null,
"location": "Central US",
"properties": {
"aliasName": "nickname",
"columnName": "test1",
"id": "dbo_Table_1_test1",
"maskingFunction": "Default",
"numberFrom": null,
"numberTo": null,
"prefixSize": null,
"replacementString": null,
"ruleState": "Enabled",
"schemaName": "dbo",
"suffixSize": null,
"tableName": "Table_1"
}
}Create/Update data masking rule for default min.
Sample request
PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-6852/providers/Microsoft.Sql/servers/sqlcrudtest-2080/databases/sqlcrudtest-331/dataMaskingPolicies/Default/rules/rule1?api-version=2025-01-01
{
"properties": {
"columnName": "test1",
"maskingFunction": "Default",
"schemaName": "dbo",
"tableName": "Table_1"
}
}
Sample response
{
"name": null,
"type": "Microsoft.Sql/servers/databases/dataMaskingPolicies/rules",
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-6852/providers/Microsoft.Sql/servers/sqlcrudtest-6852/databases/sqlcrudtest-331/dataMaskingPolicies/Default/rules/rule1",
"kind": null,
"location": "Central US",
"properties": {
"aliasName": null,
"columnName": "test1",
"id": "dbo_Table_1_test1",
"maskingFunction": "Default",
"numberFrom": null,
"numberTo": null,
"prefixSize": null,
"replacementString": null,
"ruleState": "Enabled",
"schemaName": "dbo",
"suffixSize": null,
"tableName": "Table_1"
}
}{
"name": null,
"type": "Microsoft.Sql/servers/databases/dataMaskingPolicies/rules",
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-6852/providers/Microsoft.Sql/servers/sqlcrudtest-6852/databases/sqlcrudtest-331/dataMaskingPolicies/Default/rules/rule1",
"kind": null,
"location": "Central US",
"properties": {
"aliasName": null,
"columnName": "test1",
"id": "dbo_Table_1_test1",
"maskingFunction": "Default",
"numberFrom": null,
"numberTo": null,
"prefixSize": null,
"replacementString": null,
"ruleState": "Enabled",
"schemaName": "dbo",
"suffixSize": null,
"tableName": "Table_1"
}
}Create/Update data masking rule for numbers.
Sample request
PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-6852/providers/Microsoft.Sql/servers/sqlcrudtest-2080/databases/sqlcrudtest-331/dataMaskingPolicies/Default/rules/rule1?api-version=2025-01-01
{
"properties": {
"columnName": "test1",
"maskingFunction": "Number",
"numberFrom": "0",
"numberTo": "2",
"schemaName": "dbo",
"tableName": "Table_1"
}
}
Sample response
{
"name": null,
"type": "Microsoft.Sql/servers/databases/dataMaskingPolicies/rules",
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-6852/providers/Microsoft.Sql/servers/sqlcrudtest-6852/databases/sqlcrudtest-331/dataMaskingPolicies/Default/rules/rule1",
"kind": null,
"location": "Central US",
"properties": {
"aliasName": null,
"columnName": "test1",
"id": "dbo_Table_1_test1",
"maskingFunction": "Number",
"numberFrom": "0",
"numberTo": "2",
"prefixSize": null,
"replacementString": null,
"ruleState": "Enabled",
"schemaName": "dbo",
"suffixSize": null,
"tableName": "Table_1"
}
}{
"name": null,
"type": "Microsoft.Sql/servers/databases/dataMaskingPolicies/rules",
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-6852/providers/Microsoft.Sql/servers/sqlcrudtest-6852/databases/sqlcrudtest-331/dataMaskingPolicies/Default/rules/rule1",
"kind": null,
"location": "Central US",
"properties": {
"aliasName": null,
"columnName": "test1",
"id": "dbo_Table_1_test1",
"maskingFunction": "Number",
"numberFrom": "0",
"numberTo": "2",
"prefixSize": null,
"replacementString": null,
"ruleState": "Enabled",
"schemaName": "dbo",
"suffixSize": null,
"tableName": "Table_1"
}
}Create/Update data masking rule for text.
Sample request
PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-6852/providers/Microsoft.Sql/servers/sqlcrudtest-2080/databases/sqlcrudtest-331/dataMaskingPolicies/Default/rules/rule1?api-version=2025-01-01
{
"properties": {
"columnName": "test1",
"maskingFunction": "Text",
"prefixSize": "1",
"replacementString": "asdf",
"schemaName": "dbo",
"suffixSize": "0",
"tableName": "Table_1"
}
}
Sample response
{
"name": null,
"type": "Microsoft.Sql/servers/databases/dataMaskingPolicies/rules",
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-6852/providers/Microsoft.Sql/servers/sqlcrudtest-6852/databases/sqlcrudtest-331/dataMaskingPolicies/Default/rules/rule1",
"kind": null,
"location": "Central US",
"properties": {
"aliasName": null,
"columnName": "test1",
"id": "dbo_Table_1_test1",
"maskingFunction": "Text",
"numberFrom": null,
"numberTo": null,
"prefixSize": "1",
"replacementString": "asdf",
"ruleState": "Enabled",
"schemaName": "dbo",
"suffixSize": "0",
"tableName": "Table_1"
}
}{
"name": null,
"type": "Microsoft.Sql/servers/databases/dataMaskingPolicies/rules",
"id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-6852/providers/Microsoft.Sql/servers/sqlcrudtest-6852/databases/sqlcrudtest-331/dataMaskingPolicies/Default/rules/rule1",
"kind": null,
"location": "Central US",
"properties": {
"aliasName": null,
"columnName": "test1",
"id": "dbo_Table_1_test1",
"maskingFunction": "Text",
"numberFrom": null,
"numberTo": null,
"prefixSize": "1",
"replacementString": "asdf",
"ruleState": "Enabled",
"schemaName": "dbo",
"suffixSize": "0",
"tableName": "Table_1"
}
}Definitions
| Name | Description |
|---|---|
|
created |
The type of identity that created the resource. |
|
Data |
The masking function that is used for the data masking rule. |
|
Data |
|
|
Data |
A database data masking rule. |
|
Data |
The rule state. Used to delete a rule. To delete an existing rule, specify the schemaName, tableName, columnName, maskingFunction, and specify ruleState as disabled. However, if the rule doesn't already exist, the rule will be created with ruleState set to enabled, regardless of the provided value of ruleState. |
|
Error |
The resource management error additional info. |
|
Error |
The error detail. |
|
Error |
Error response |
|
system |
Metadata pertaining to creation and last modification of the resource. |
createdByType
The type of identity that created the resource.
| Value | Description |
|---|---|
| User | |
| Application | |
| ManagedIdentity | |
| Key |
DataMaskingFunction
The masking function that is used for the data masking rule.
| Value | Description |
|---|---|
| Default |
Default |
| CCN |
CCN |
|
|
|
| Number |
Number |
| SSN |
SSN |
| Text |
Text |
DataMaskingPolicyName
| Value | Description |
|---|---|
| Default |
Default |
DataMaskingRule
A database data masking rule.
| Name | Type | Description |
|---|---|---|
| id |
string (arm-id) |
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
| kind |
string |
The kind of Data Masking Rule. Metadata, used for Azure portal. |
| location |
string |
The location of the data masking rule. |
| name |
string |
The name of the resource |
| properties.aliasName |
string |
The alias name. This is a legacy parameter and is no longer used. |
| properties.columnName |
string |
The column name on which the data masking rule is applied. |
| properties.id |
string |
The rule Id. |
| properties.maskingFunction |
The masking function that is used for the data masking rule. |
|
| properties.numberFrom |
string |
The numberFrom property of the masking rule. Required if maskingFunction is set to Number, otherwise this parameter will be ignored. |
| properties.numberTo |
string |
The numberTo property of the data masking rule. Required if maskingFunction is set to Number, otherwise this parameter will be ignored. |
| properties.prefixSize |
string |
If maskingFunction is set to Text, the number of characters to show unmasked in the beginning of the string. Otherwise, this parameter will be ignored. |
| properties.replacementString |
string |
If maskingFunction is set to Text, the character to use for masking the unexposed part of the string. Otherwise, this parameter will be ignored. |
| properties.ruleState |
The rule state. Used to delete a rule. To delete an existing rule, specify the schemaName, tableName, columnName, maskingFunction, and specify ruleState as disabled. However, if the rule doesn't already exist, the rule will be created with ruleState set to enabled, regardless of the provided value of ruleState. |
|
| properties.schemaName |
string |
The schema name on which the data masking rule is applied. |
| properties.suffixSize |
string |
If maskingFunction is set to Text, the number of characters to show unmasked at the end of the string. Otherwise, this parameter will be ignored. |
| properties.tableName |
string |
The table name on which the data masking rule is applied. |
| systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
| type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
DataMaskingRuleState
The rule state. Used to delete a rule. To delete an existing rule, specify the schemaName, tableName, columnName, maskingFunction, and specify ruleState as disabled. However, if the rule doesn't already exist, the rule will be created with ruleState set to enabled, regardless of the provided value of ruleState.
| Value | Description |
|---|---|
| Enabled |
Enabled |
| Disabled |
Disabled |
ErrorAdditionalInfo
The resource management error additional info.
| Name | Type | Description |
|---|---|---|
| info |
object |
The additional info. |
| type |
string |
The additional info type. |
ErrorDetail
The error detail.
| Name | Type | Description |
|---|---|---|
| additionalInfo |
The error additional info. |
|
| code |
string |
The error code. |
| details |
The error details. |
|
| message |
string |
The error message. |
| target |
string |
The error target. |
ErrorResponse
Error response
| Name | Type | Description |
|---|---|---|
| error |
The error object. |
systemData
Metadata pertaining to creation and last modification of the resource.
| Name | Type | Description |
|---|---|---|
| createdAt |
string (date-time) |
The timestamp of resource creation (UTC). |
| createdBy |
string |
The identity that created the resource. |
| createdByType |
The type of identity that created the resource. |
|
| lastModifiedAt |
string (date-time) |
The timestamp of resource last modification (UTC) |
| lastModifiedBy |
string |
The identity that last modified the resource. |
| lastModifiedByType |
The type of identity that last modified the resource. |