Dynamic Data Masking (DDM) can mask sensitive data in the SQL Editor query result based on the context. It helps
organizations to protect sensitive data from being exposed to unauthorized users.
You can configure the masking policies from UI or via API. Check out this GitOps example to see how to codify the masking policies.
Project-level owners configure the Column Masking on the table column. This is only needed when the global masking rule is not applicable to a particular project.
Workspace-level admins or project-level owners grant Masking Exemption to the users to access the unmasked data.
When a column in a database table is masked, the masking effect is infectious in the sense that it propagates to any views or derived structures that depend on that column. This ensures that the protection applied to the underlying data is consistently enforced, even when accessed through alternative pathways like views.