The blocking rule identifies requests that applications send between 5:00 p.m. and 8:00 a.m. If the SELECT list matches the security rule criteria, the Rule Engine applies a block security action to the request. The user receives a message indicating that access is denied. Apply the Stop if Matched processing action so that the Rule Engine does not continue to process the request. The Dynamic Data Masking service sends the response to the application.
As a result of the security rule set, users can view masked Social Security numbers during business hours, but cannot see the data after business hours.