Answer-first summary for fast verification
Answer: dynamic data masking
## Detailed Explanation ### Requirements Analysis The scenario requires: - **Data masking** for phone numbers in the `Phone` column - **Role-based access control** - only users in a specific role should see the masked data - **Partial data visibility** - showing only the last four digits of phone numbers - **Query-time functionality** - masking occurs when users query the column ### Option Analysis **E: Dynamic Data Masking** ✅ **CORRECT** - **Purpose**: Dynamic Data Masking is specifically designed to limit sensitive data exposure by masking it to non-privileged users at query time - **Role-based implementation**: Can be configured to apply different masking rules based on user roles - **Phone number masking**: Supports custom masking functions that can be tailored to show only the last four digits of phone numbers - **Performance**: Operates at query execution time without modifying the underlying data - **Implementation**: Can be applied directly to the `Phone` column with a masking function that reveals only the last four characters **C: Row-Level Security (RLS)** ❌ **INCORRECT** - **Purpose**: RLS controls which rows users can access, not how specific column data is displayed - **Functionality**: Filters entire rows based on security predicates, cannot mask partial column data - **Limitation**: Cannot transform or mask specific portions of column values like showing only last four digits **D: Column Encryption** ❌ **INCORRECT** - **Purpose**: Provides data protection at rest and in transit through encryption - **Functionality**: Either shows the full decrypted value or nothing at all, cannot display partial data - **Implementation**: Requires decryption keys and doesn't support partial data visibility **A: Table Partitions** ❌ **INCORRECT** - **Purpose**: Improves query performance and manageability by dividing tables into smaller segments - **Functionality**: No data masking or security capabilities **B: Default Value** ❌ **INCORRECT** - **Purpose**: Sets a predefined value for columns when no value is specified during insertion - **Functionality**: Cannot dynamically mask data based on user roles during query execution ### Why Dynamic Data Masking is Optimal 1. **Precise Requirement Fit**: Directly addresses the need to show only partial phone number data 2. **Role-Based Control**: Can be configured to apply masking rules only to specific user roles 3. **No Data Modification**: The actual data remains unchanged in storage; masking occurs only during result presentation 4. **Custom Masking Functions**: Supports creating custom masking rules to show exactly the last four digits 5. **Azure Synapse Compatibility**: Fully supported in Azure Synapse Analytics dedicated SQL pools ### Implementation Approach To implement this solution: 1. Create a custom masking function for the Phone column 2. Apply the masking policy to show only the last four digits 3. Configure the policy to apply only to users not in the privileged role 4. Users in the specified role will automatically see the masked format when querying the Phone column
Ultimate access to all questions.
Author: LeetQuiz Editorial Team
You have an Azure Synapse Analytics dedicated SQL pool with a table named Contacts containing a Phone column. You need to ensure that users in a specific role can only see the last four digits of the phone number when querying the Phone column. What should you implement?
A
table partitions
B
a default value
C
row-level security (RLS)
D
column encryption
E
dynamic data masking
No comments yet.