-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ADAP-853] [Feature] Support Dynamic Data Masking #589
Comments
@soksamnanglim thanks for writing this up! We discussed this internally and also believe it would be valuable. I'd check out the write up in dbt-labs/dbt-adapters#85. I'd love to hear which approach makes more sense to you.
Looking at the docs you've linked above, two things stand out
|
@dataders thanks for getting back so quick!
wrt above, I may be misunderstanding so please correct me! Redshift's DDM can be applied to existing tables. Are you instead referring to this dbt-labs/dbt-adapters#85? afaik, dbt-redshift would also leave a window where data is unmasked between table creation and DDM application. Forgive my ignorance—how big of a problem is this? I think we can implement DDM without model contracts, unless there is case I'm overlooking?
We understand your view in the context of DDM. While we are still having an internal discussion, we might also want to consider that DDM is used by users who don't use data sharing and vice versa. |
Hi, chiming in again to provide an update that we will be working on allowing dbt users to configure role grants first (#415).
Please let me know your thoughts. An alternative configuration could be:
Specifically, the macros I also think we can extend support for granting privileges to groups by updating dbt documentation with this information: prefacing the group-name with group We considered segmenting grants into As for DDM, we will keep you updated 😄 . |
I love this feature request but this should be best handled at the dbt-adapters level. For now, I'm going to close this issue out in prep for our repo transfer. |
Is this your first time submitting a feature request?
Describe the feature
I am opening this issue to track the development of Dynamic Data Masking (DDM) support for dbt-redshift. DDM allows customers to dynamically mask columns for users and roles.
The following are features of DDM:
We want dbt-redshift to support masking policy creation, attachment, alteration, and detachment and dropping. Role granting is currently unsupported by dbt-redshift and would require a separate issue opened for it. At minimum, dbt-redshift should allow users to create and attach masking policies to tables. Ideally, a mechanism to alter, detach, and drop existing masking policies should also exist.
Describe alternatives you've considered
This discourse was opened in Jan 2021 before dynamic data masking was a feature in Redshift. As of Nov 2022, Redshift supports DDM, however, users leveraging dbt are unable to manage DDM in their dbt projects.
The alternative solution is to continue using Redshift database drivers or the Redshift Query Editor to manage DDM.
Who will this benefit?
This feature will be helpful for users (with DDM permissions) who want to manage data masking policies using dbt.
Are you interested in contributing this feature?
No response
Anything else?
No response
The text was updated successfully, but these errors were encountered: