问题
I was implemented the Always Encrypted and Dynamic data masking concepts in my azure SQL database on two different tables.
But I have doubt like “Is it possible to apply the dynamic data masking on already encrypted column in same table”.
I tried the above scenario it gives error like “The data type of column 'SSN' does not support data masking function 'partial'.”.
I run the below query for applying the masking on already encrypted column.
ALTER TABLE [dbo].[CustomerTables]
ALTER COLUMN [SSN] ADD MASKED WITH (FUNCTION = 'partial(0,"XXX-XX-",4)');
Can you please tell me is it possible it possible to apply the dynamic data masking on already encrypted column in same table or not.
Pradeep
回答1:
No, currently encrypted columns cannot be masked. And, you cannot encrypt a column that has been masked.
With Dynamic Data Masking, masked values are produced on the server side. To produce a masked value (especially using a partial mask), SQL Server needs to know the original value (in plaintext). If a column is encrypted with Always Encrypted, SQL Server only knows ciphertext and it cannot decrypt it - only a client application can decrypt the values stored in encrypted columns.
来源:https://stackoverflow.com/questions/41758104/is-it-possible-to-apply-the-dynamic-data-masking-on-already-encrypted-column-in