SnowPro Advanced: Data Engineer — Question 106
A retail store's application team needs to build a loyalty program for their customers. The customer table contains Personally Identifiable Information (PII), and the team members have been assigned the role DEVELOPER.
CREATE TABLE customer_data (
    customer_first_name string,
    customer_last_name string,
    customer_address string,
    customer_email string,
    -- ... some other columns
);
The team needs to access the customer data, but the email field must be obfuscated.
Which solution protects the sensitive information, while maintaining the usability of the data?
Answer options
- A. Create a view on the customer_data table to eliminate the email column by omitting it from the SELECT clause. Grant the role DEVELOPER access to the view.
- B. Create a separate table for all the non-PII columns and grant the role DEVELOPER access to the new table.
- C. Use the CURRENT_ROLE and CURRENT_USER context functions to integrate with a secure view and filter the sensitive data.
- D. Use the CURRENT_ROLE context function to integrate with a masking policy on the sensitive fields.
Correct answer: D
Explanation
The correct answer is D because applying a masking policy with the CURRENT_ROLE function obfuscates the email field while still allowing access to the other data. Option A does not protect the email field as required: it simply omits the column from the view and does not obfuscate it. Option B creates a separate table, which may not be efficient or maintain the necessary usability. Option C does not specifically address the need to mask the sensitive data, as the correct answer does.
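
A sketch of option D in Snowflake SQL, added here as an illustration and not part of the original question. The policy name `email_mask`, the privileged role `PII_ADMIN`, and the sample row are assumptions; the table is a cut-down stand-in for the one in the question.

```sql
-- Constructed stand-in for the question's table (elided columns left out).
CREATE OR REPLACE TABLE customer_data (
    customer_first_name STRING,
    customer_last_name  STRING,
    customer_address    STRING,
    customer_email      STRING
);

-- Constructed sample row for checking the policy.
INSERT INTO customer_data VALUES
    ('Ada', 'Example', '1 Sample St', 'ada@example.com');

-- Column-level masking policy keyed on the session's primary role.
-- PII_ADMIN is a hypothetical role allowed to see the real address;
-- every other role, DEVELOPER included, gets the local part replaced
-- while the domain stays usable for analysis.
CREATE OR REPLACE MASKING POLICY email_mask AS (val STRING) RETURNS STRING ->
    CASE
        WHEN CURRENT_ROLE() IN ('PII_ADMIN') THEN val
        ELSE REGEXP_REPLACE(val, '.+@', '*****@')
    END;

-- Attach the policy to the sensitive column. The stored data is unchanged;
-- masking is applied at query time.
ALTER TABLE customer_data MODIFY COLUMN customer_email
    SET MASKING POLICY email_mask;

-- Confirm which columns the policy is attached to (run as the policy owner).
SELECT *
FROM TABLE(INFORMATION_SCHEMA.POLICY_REFERENCES(policy_name => 'email_mask'));

-- DEVELOPER queries the base table directly, with no view or copy needed.
-- Assumes DEVELOPER already has USAGE on the database and schema.
GRANT SELECT ON TABLE customer_data TO ROLE DEVELOPER;

-- Verify from the developer's side: the email column comes back masked.
USE ROLE DEVELOPER;
SELECT customer_first_name, customer_email FROM customer_data;
```

CURRENT_ROLE() returns only the session's primary role, so a role that inherits PII_ADMIN through the role hierarchy still sees the masked value unless it is listed in the policy.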