Share via

Data Masking Rules - List By Database

Service:
SQL Database
API Version:
2025-01-01

Gets a list of database data masking rules.

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/dataMaskingPolicies/Default/rules?api-version=2025-01-01

URI Parameters

Name In Required Type Description
databaseName
 path True

string

The name of the database.
dataMaskingPolicyName
 path True

DataMaskingPolicyName

The name of the database for which the data masking policy applies.
resourceGroupName
 path True

string

minLength: 1
maxLength: 90

The name of the resource group. The name is case insensitive.
serverName
 path True

string

The name of the server.
subscriptionId
 path True

string (uuid)

The ID of the target subscription. The value must be an UUID.
api-version
 query True

string

minLength: 1

The API version to use for this operation.

Responses

Name Type Description
200 OK

DataMaskingRuleListResult

Azure operation completed successfully.
Other Status Codes

ErrorResponse

An unexpected error response.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

Gets a list of database data masking rules.

Sample request

GET https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-6852/providers/Microsoft.Sql/servers/sqlcrudtest-2080/databases/sqlcrudtest-331/dataMaskingPolicies/Default/rules?api-version=2025-01-01

Sample response

Status code:
200 
{
  "value": [
    {
      "name": null,
      "type": "Microsoft.Sql/servers/databases/dataMaskingPolicies/rules",
      "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-6852/providers/Microsoft.Sql/servers/sqlcrudtest-6852/databases/sqlcrudtest-331/dataMaskingPolicies/Default/rules/rule1",
      "kind": null,
      "location": "Central US",
      "properties": {
        "aliasName": null,
        "columnName": "test1",
        "id": "dbo_Table_1_test1",
        "maskingFunction": "Text",
        "numberFrom": null,
        "numberTo": null,
        "prefixSize": "1",
        "replacementString": "asdf",
        "ruleState": "Enabled",
        "schemaName": "dbo",
        "suffixSize": "0",
        "tableName": "Table_1"
      }
    },
    {
      "name": null,
      "type": "Microsoft.Sql/servers/databases/dataMaskingPolicies/rules",
      "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/sqlcrudtest-6852/providers/Microsoft.Sql/servers/sqlcrudtest-6852/databases/sqlcrudtest-331/dataMaskingPolicies/Default/rules/rule1",
      "kind": null,
      "location": "Central US",
      "properties": {
        "aliasName": null,
        "columnName": "test1",
        "id": "dbo_Table_1_test1",
        "maskingFunction": "Number",
        "numberFrom": "0",
        "numberTo": "2",
        "prefixSize": null,
        "replacementString": null,
        "ruleState": "Enabled",
        "schemaName": "dbo",
        "suffixSize": null,
        "tableName": "Table_1"
      }
    }
  ]
}

Definitions

Name Description
createdByType

The type of identity that created the resource.
DataMaskingFunction

The masking function that is used for the data masking rule.
DataMaskingPolicyName
DataMaskingRule

A database data masking rule.
DataMaskingRuleListResult

The response of a DataMaskingRule list operation.
DataMaskingRuleState

The rule state. Used to delete a rule. To delete an existing rule, specify the schemaName, tableName, columnName, maskingFunction, and specify ruleState as disabled. However, if the rule doesn't already exist, the rule will be created with ruleState set to enabled, regardless of the provided value of ruleState.
ErrorAdditionalInfo

The resource management error additional info.
ErrorDetail

The error detail.
ErrorResponse

Error response
systemData

Metadata pertaining to creation and last modification of the resource.

createdByType

Enumeration

The type of identity that created the resource.

Value Description
User
Application
ManagedIdentity
Key

DataMaskingFunction

Enumeration

The masking function that is used for the data masking rule.

Value Description
Default

Default
CCN

CCN
Email

Email
Number

Number
SSN

SSN
Text

Text

DataMaskingPolicyName

Enumeration
Value Description
Default

Default

DataMaskingRule

Object

A database data masking rule.

Name Type Description
id

string (arm-id)

Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
kind

string

The kind of Data Masking Rule. Metadata, used for Azure portal.
location

string

The location of the data masking rule.
name

string

The name of the resource
properties.aliasName

string

The alias name. This is a legacy parameter and is no longer used.
properties.columnName

string

The column name on which the data masking rule is applied.
properties.id

string

The rule Id.
properties.maskingFunction

DataMaskingFunction

The masking function that is used for the data masking rule.
properties.numberFrom

string

The numberFrom property of the masking rule. Required if maskingFunction is set to Number, otherwise this parameter will be ignored.
properties.numberTo

string

The numberTo property of the data masking rule. Required if maskingFunction is set to Number, otherwise this parameter will be ignored.
properties.prefixSize

string

If maskingFunction is set to Text, the number of characters to show unmasked in the beginning of the string. Otherwise, this parameter will be ignored.
properties.replacementString

string

If maskingFunction is set to Text, the character to use for masking the unexposed part of the string. Otherwise, this parameter will be ignored.
properties.ruleState

DataMaskingRuleState

The rule state. Used to delete a rule. To delete an existing rule, specify the schemaName, tableName, columnName, maskingFunction, and specify ruleState as disabled. However, if the rule doesn't already exist, the rule will be created with ruleState set to enabled, regardless of the provided value of ruleState.
properties.schemaName

string

The schema name on which the data masking rule is applied.
properties.suffixSize

string

If maskingFunction is set to Text, the number of characters to show unmasked at the end of the string. Otherwise, this parameter will be ignored.
properties.tableName

string

The table name on which the data masking rule is applied.
systemData

systemData

Azure Resource Manager metadata containing createdBy and modifiedBy information.
type

string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

DataMaskingRuleListResult

Object

The response of a DataMaskingRule list operation.

Name Type Description
nextLink

string (uri)

The link to the next page of items
value

DataMaskingRule[]

The DataMaskingRule items on this page

DataMaskingRuleState

Enumeration

The rule state. Used to delete a rule. To delete an existing rule, specify the schemaName, tableName, columnName, maskingFunction, and specify ruleState as disabled. However, if the rule doesn't already exist, the rule will be created with ruleState set to enabled, regardless of the provided value of ruleState.

Value Description
Enabled

Enabled
Disabled

Disabled

ErrorAdditionalInfo

Object

The resource management error additional info.

Name Type Description
info

object

The additional info.
type

string

The additional info type.

ErrorDetail

Object

The error detail.

Name Type Description
additionalInfo

ErrorAdditionalInfo[]

The error additional info.
code

string

The error code.
details

ErrorDetail[]

The error details.
message

string

The error message.
target

string

The error target.

ErrorResponse

Object

Error response

Name Type Description
error

ErrorDetail

The error object.

systemData

Object

Metadata pertaining to creation and last modification of the resource.

Name Type Description
createdAt

string (date-time)

The timestamp of resource creation (UTC).
createdBy

string

The identity that created the resource.
createdByType

createdByType

The type of identity that created the resource.
lastModifiedAt

string (date-time)

The timestamp of resource last modification (UTC)
lastModifiedBy

string

The identity that last modified the resource.
lastModifiedByType

createdByType

The type of identity that last modified the resource.