动态数据掩码停止工作 [英] Dynamic Data Masks stopped working
问题描述
我有一个测试网页,该网页使用了受限制的SQL用户来查询Azure SQL DB,以从被屏蔽的字段中获取数据.它返回了数据并且被屏蔽了.我很高兴. 我用一个按钮更改了用户,瞧!我可以看到实际数据.
I had a test web page that used a restricted SQL user to query an Azure SQL DB to get data from masked fields. It returned the data and it was masked. I rejoiced. I changed the user with a button and voila! I could see the actual data.
然后由于某种原因,今天它停止工作了,我哭了.
Then today, for some reason, it stopped working and I cried.
我之间没有更改任何代码. 但是,我确实使用Azure门户来打开审核(无法反映影响审核的镜像). 我以为TDE可能与DDM冲突,但我在其他地方读到它并没有-加上它在工作时已经启用. 我运行查询以显示我的"nobody" SQL用户具有什么权限-仅"connect".
I changed no code in between. I did however use the Azure portal to turn on auditing (can't image that affecting it). I thought TDE may conflict with DDM but I've read elsewhere that it doesn't - plus it was already enabled when it was working. I ran a query to show what permissions my "nobody" SQL user had - "connect" only.
因此,我删除了"nobody"用户,并与关联的用户(而不是仅一个用户)创建了一个新的SQL登录名.这样,我可以使用SSMS以应受屏蔽影响的受限用户身份登录-但不能.
So I deleted my "nobody" user and created a new SQL login with associated user (as opposed to just a user). This way I could use SSMS to log in as a restricted user that should be affected by masking - but nope.
因此,我可以在TSQL中或通过Azure设置掩码,并且Azure会显示哪些字段受到了影响.但是每次我在SSMS或通过.net运行查询时,我都会看到未屏蔽的数据.
So I can setup masks in TSQL or via Azure and Azure shows what's fields have been affected. But I every damned time I run a query in SSMS or via .net I see unmasked data.
我真的很沮丧,所以任何帮助都会很棒.
I really am stumped so any help would be awesome.
在某些情况下,遮罩会停止工作吗? 我还有什么可以检查以确保其设置正确的吗?
Are there certain circumstances masking would stop working? Is there anything else I can check to ensure it's setup correctly?
非常
推荐答案
与Microsoft合作找出问题所在后,得出的结论是,动态数据屏蔽不能很好地与Azure数据分类功能配合使用.
After working with Microsoft to figure out what the issue is the conclusion is that dynamic data masking doesn't play nicely with the Azure Data Classification feature.
使用数据分类"时,DDM关闭,导致只有选择权限的人才能看到被屏蔽的数据.
When Data Classification is used DDM is turned off resulting in someone with only select permissions able to see the masked data.
根据MS代表的说法,此修复程序将在4-5周内完成,但没有预计何时推出.
According to the MS representative the fix will be in 4-5 weeks but no ETA as to when it will be rolled out.
这篇关于动态数据掩码停止工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
