Working with Data Policies

Alation Cloud Service Applies to Alation Cloud Service instances of Alation

Customer Managed Applies to customer-managed instances of Alation

Data policies that are created on a data source are extracted to Alation as a separate object type Policy. The objects that are added to a Policy are defined as the Policy Link object type. The extracted policies from Snowflake will be available in the Policy Center page.

The following table provides the information of the policies supported by Alation:

Policy

Feature

Support

Column Level Security

Dynamic Data Masking

Yes

External Tokenization

No

Row Level Security

Row Access Policy

Yes

Access History

No

Dynamic Data Masking Policy - this is a column level security feature that uses masking policies to selectively mask data in particular columns. Data Masking policies can be applied to columns in views and tables. If the policy is applied to a column, that column will display the data for users as defined in the policy SQL rules, for example, it will display the word MASKED or asterisks (***) instead of actual values.

The screenshot below illustrates a data sample from a Snowflake table with the Dynamic Data Masking policy applied:

../../_images/PolicyCenter_01.png

Row Access Policy - row access policies implement row-level security to determine which rows are visible. A Row Access Policy can be applied to the rows in a table or view. When the Row Access Policy is applied to a row in a table, that row will be hidden in the table from unauthorized users.