Each Protect masking type has an equivalent counterpart in BigQuery called a masking rule. As such, masking rules in BigQuery correspond to masking types in Protect.
Note The BigQuery masking rules are not the same as the Protect data access rules.
The following table contains the equivalent BigQuery masking rule for a given Protect masking type.
| Protect masking type | Equivalent BigQuery masking rule |
|---|---|
| Default masking |
Default masking value |
| Hashing |
Hash (SHA256) Note BigQuery supports the Hash (SHA256) masking rule only for certain columns depending on their data types. If Hash (SHA256) cannot be applied to a certain column due to the data type of the column, the following masking rule is applied instead: Default masking value. |
| Show last |
Default masking value Note BigQuery does not support the Show last masking type. The Show last masking type is supported only on Snowflake. |
| No masking |
Fine-Grained Reader Note Each Protect group to which you assign standards has an equivalent counterpart in BigQuery called a GCP principal. BigQuery grants the Fine-Grained Reader role to the assigned GCP principal to allow the GCP principal to view the data to which no masking is applied in Protect. |