A Snowflake Administrator needs to ensure that sensitive corporate data in Snowflake tables is masked from end users, but remains partially visible to functional managers.

How can this requirement be met?