Skip to main content
Skip to main content
Edit this page

system.masking_policies

Description

Contains information about all masking policies defined in the system.

Masking policies can only be created and applied in ClickHouse Cloud. In open-source builds the system.masking_policies table is always empty, but it is still present so that introspection queries such as SHOW MASKING POLICIES work and return an empty result instead of throwing.

Columns

  • name (String) — Name of a masking policy.
  • short_name (String) — Short name of a masking policy. Names of masking policies are compound, for example: mask_email ON mydb.mytable. Here 'mask_email ON mydb.mytable' is the name of the masking policy, and 'mask_email' is its short name.
  • database (String) — Database name.
  • table (String) — Table name.
  • id (UUID) — Masking policy ID.
  • storage (String) — Name of the directory where the masking policy is stored.
  • update_assignments (Nullable(String)) — UPDATE assignments that define how data should be masked, for example: email = 'masked', phone = '--****'. NULL if not set.
  • where_condition (Nullable(String)) — Optional condition selecting the rows the mask is applied to. NULL if not set.
  • priority (Int64) — Priority of the masking policy. Policies with higher priority are applied first.
  • apply_to_all (UInt8) — Shows that the masking policy is set for all roles and/or users.
  • apply_to_list (Array(String)) — List of the roles and/or users to which the masking policy is applied.
  • apply_to_except (Array(String)) — The masking policy is applied to all roles and/or users except the listed ones.