Replies: 2 comments 3 replies
-
|
@mycaule Could you tell me a bit more about the use case that you are trying to solve? why do you require dynamic data masking? In athena we can leverage lakeformation tagging. This means that data masking is not strictly necessary, because some columns can be simply excluded from user access when using the right lakeformatio tag. dbt-athena users can override column tags as part of model configs, doing so, for example, some sensitive columns containing PII, can be simply tagged properly, and IAM principals without PII tag access won't simply see the columns that are tagged as PII. |
Beta Was this translation helpful? Give feedback.
-
|
I would like to allow users to run Other usecases are names and social security number. |
Beta Was this translation helpful? Give feedback.
-
|
I discovered that One possible way will be to deploy a udf, that return the real use name (or the caller arn), and then create views to do the dynamic data masking using something like: I don't see other way to "have" the dynamicity, other than using views on top of tables - as suggested by the link that you posted. |
Beta Was this translation helpful? Give feedback.
-
|
Another option for masking is to use S3 object lambda (https://aws.amazon.com/blogs/storage/automatically-modify-data-you-are-querying-with-amazon-athena-using-amazon-s3-object-lambda/). With the downside that the masking is not managed from dbt though. |
Beta Was this translation helpful? Give feedback.
-
|
Nice 💯 Also, can the lambda S3 endpoint know who is calling it? Should be possible right? |
Beta Was this translation helpful? Give feedback.
-
Do you have ideas on how to implement dynamic data masking with Athena, macros or Trino functions?
Some users started from how Snowflake implemented it and tried to apply the principles in Redshift.
https://discourse.getdbt.com/t/how-to-implement-dynamic-data-masking-on-redshift/2043
Beta Was this translation helpful? Give feedback.
All reactions