Snowflake masking and data types
Snowflake provides several functions to transform the data. This topic describes how Snowflake transforms the data for a given Protect masking type.
- Default masking: Snowflake does not support this masking type. Protect, however, uses the default masking type to apply protection to a wide range of data types. A default masking value is applied to each column according to the data type of the column.
- Hashing: Uses the following Snowflake functions:
- SHA2 (for strings)
- HASH (for numbers)
- Show last: Uses the following expressions:
- substr(to_varchar(value), length(value) - n, n) (for strings)
- mod(value, power(10,n)) (for numbers)Tip In the expressions, value indicates the content and n indicates the number of characters to be shown.
- No masking: Returns the raw content.
Default masking values for data types
| Column data type | Snowflake data type | Default masking value |
|---|---|---|
| NUMBER | NUMBER | 0 |
| DECIMAL | NUMBER | 0 |
| NUMERIC | NUMBER | 0 |
| INT | NUMBER | 0 |
| INTEGER | NUMBER | 0 |
| BIGINT | NUMBER | 0 |
| SMALLINT | NUMBER | 0 |
| TINYINT | NUMBER | 0 |
| BYTEINT | FLOAT | 0 |
| FLOAT | FLOAT | 0 |
| FLOAT4 | FLOAT | 0 |
| FLOAT8 | FLOAT | 0 |
| DOUBLE | FLOAT | 0 |
| DOUBLE PRECISION | FLOAT | 0 |
| REAL | FLOAT | 0 |
| VARCHAR | VARCHAR |
* |
| CHAR | VARCHAR | * |
| CHARACTER | VARCHAR | * |
| STRING | VARCHAR | * |
| TEXT | VARCHAR | * |
| BINARY | BINARY | 00 |
| VARBINARY | BINARY | 00 |
| BOOLEAN | BOOLEAN | false |
| DATE | DATE | 1970-01-01 |
| DATETIME | TIMESTAMP_NTZ |
1970-01-01 00:00:00.000 |
| TIME | TIME |
00:00:00 |
| TIMESTAMP | TIMESTAMP_NTZ |
1970-01-01 00:00:00.000 |
| TIMESTAMP_LTZ | TIMESTAMP_LTZ |
1969-12-31 16:00:00.000-0800 Note This may change depending on the time zone.
|
| TIMESTAMP_NTZ | TIMESTAMP_NTZ |
1970-01-01 00:00:00.000 |
| TIMESTAMP_TZ | TIMESTAMP_TZ |
1969-12-31 16:00:00.000-0800 Note This may change depending on the time zone.
|
| VARIANT | VARIANT | 0 |
| OBJECT | OBJECT | {} |
| ARRAY | ARRAY | [] |
| GEOGRAPHY | GEOGRAPHY | {"coordinates": [0,0],"type": "Point"} (aka point(0, 0) and visualization can change based on user preferences) |
Note
- You can apply the Hashing and Show last masking types to only the following Snowflake data types: FLOAT, NUMBER, and STRING.
- If a selected masking type cannot be applied to a certain data type—for example, when you attempt to apply the Hashing masking type to the DATE data type—the Default masking type is applied to the data type to guarantee protection.