我试图通过Azure门户的动态数据掩盖来实现敏感的数据掩蔽。灵感来自本文:
从本质上讲,我已经创建了具有有限特权的用户,定义了一些掩码,并尝试导出数据库(两者都来自Azure Portal Portal和SSM)。如果未定义掩模,请与我的非Admin用户导出,如预期。但是,当我添加至少一个掩码时 - 导出失败消息:
无法从数据库中导出模式和数据。发生一个或多个错误。发生一个或多个错误。发生一个或多个错误。发生一个或多个错误。发生一个或多个错误。无效的值。
是Azure SQL中的错误吗?我没有想法。
编辑:
从SSMS“导出数据层应用程序”摘要中,我发现该问题发生在很少(60个以上的表格中的4-5个)上 - 但仅在其中一个上施加掩码(确切的一列)。
I've tried to implement sensitive data masking with dynamic data masking from Azure Portal. Inspiration came from this article: https://joeydantoni.com/2016/11/07/exporting-masked-data-with-dynamic-data-masking
Essentially I've created user with limited privileges, defined some masks and tried to export database (both from Azure Portal and SSMS). When no masks are defined, export with my non-admin user goes as expected. However, when I've added at least one mask - export fails with message:
Could not export schema and data from database. One or more errors occurred. One or more errors occurred. One or more errors occurred. One or more errors occurred. One or more errors occurred. Invalid value.
Is it a bug in Azure SQL? I'm out of ideas.
EDIT:
From SSMS "Export Data-tier Application" summary I've found out that the problem occurred on few (4-5 out of 60+ tables) - yet mask was applied only on one of them (one column to be precise).
发布评论
评论(1)
我已经联系了Azure支持以解决此问题。
此问题仅影响Azure SQL数据库。似乎导出屏蔽数据需要仅管理员拥有的某些权限。因此,对于 non-admin ,以下内容是正确的:
unmast授予授予时,他可以导出蒙版数据库,但导出的数据已删除。真可惜。
I've contacted Azure support to resolve this issue.
This problem affects only Azure SQL databases. It seems that exporting masked data require some permissions that only admin have. So, following are true for non-admin:
UNMASKgrant he can export masked database but exported data is unmasked.That's a shame.