是否可以将动态数据屏蔽应用于同一表中已加密的列 [英] Is it possible to apply the dynamic data masking on already encrypted column in same table

问题描述

在我的azure SQL数据库中的两个不同的表上实现了始终加密和动态数据屏蔽的概念。

I was implemented the Always Encrypted and Dynamic data masking concepts in my azure SQL database on two different tables.

但是我对是否有可能应用

But I have doubt like "Is it possible to apply the dynamic data masking on already encrypted column in same table".

我尝试了以上情况，它给出了类似 SSN列的数据类型不支持数据的错误信息

I tried the above scenario it gives error like "The data type of column 'SSN' does not support data masking function 'partial'.".

我运行以下查询，对已加密的列应用掩码。

I run the below query for applying the masking on already encrypted column.

ALTER TABLE [dbo].[CustomerTables]
ALTER COLUMN [SSN] ADD MASKED WITH (FUNCTION = 'partial(0,"XXX-XX-",4)');

能否请您告诉我是否有可能将动态数据掩码应用于已加密的列中

Can you please tell me is it possible it possible to apply the dynamic data masking on already encrypted column in same table or not.

Pradeep

推荐答案

否，当前已加密列不能被屏蔽。并且，您不能加密已被屏蔽的列。

No, currently encrypted columns cannot be masked. And, you cannot encrypt a column that has been masked.

使用动态数据屏蔽，在服务器端会生成被屏蔽的值。若要产生掩码值（特别是使用部分掩码），SQL Server需要知道原始值（以纯文本格式）。如果使用始终加密对列进行了加密，则SQL Server仅知道密文，并且无法对其进行解密-只有客户端应用程序才能解密存储在加密列中的值。

With Dynamic Data Masking, masked values are produced on the server side. To produce a masked value (especially using a partial mask), SQL Server needs to know the original value (in plaintext). If a column is encrypted with Always Encrypted, SQL Server only knows ciphertext and it cannot decrypt it - only a client application can decrypt the values stored in encrypted columns.

这篇关于是否可以将动态数据屏蔽应用于同一表中已加密的列的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！