Table of Contents

Search

  1. Preface
  2. Introduction to Dynamic Data Masking Administration
  3. Authentication
  4. Security
  5. Connection Management
  6. JDBC Client Configuration
  7. ODBC Client Configuration
  8. Access Control
  9. Logs
  10. High Availability
  11. Server Control
  12. Performance Tuning
  13. Troubleshooting
  14. Appendix A: Database Keywords

Administrator Guide

Administrator Guide

Microsoft SQL Server Dynamic Data Masking Administrator Required Privileges

Microsoft SQL Server Dynamic Data Masking Administrator Required Privileges

The Dynamic Data Masking administrator must have privileges to access sensitive tables and columns.
Log in as the system administrator and run the following command:
  • USE master;
  • CREATE LOGIN <DDM Admin> WITH PASSWORD=<DDM Admin password>, DEFAULT_DATABASE = <default database>;
  • GRANT CONTROL SERVER TO <DDM Admin>;
  • USE <default database>;
  • CREATE USER <database user> FOR LOGIN <DDM Admin>;

Additional Privileges for SELECT * Statements

If your Dynamic Data Masking security rules need to support column masking on SELECT * statements, you must also run the following command:
GRANT CONTROL SERVER TO <DDM Admin>
Alternatively, you can run the following commands:
  • USE <client user catalog>
  • CREATE USER <DDM Admin>
  • FOR LOGIN <DDM Admin> WITH DEFAULT_SCHEMA=<default schema>
  • USE master
  • GRANT VIEW SERVER STATE TO <DDM Admin login>
  • GRANT IMPERSONATE ON LOGIN :: <client user login> TO <DDM Admin login>

0 COMMENTS

We’d like to hear from you!