In a masking policy where the plain-text value is shown only to a user with a specific role, which statement is true about who sees the plain-text value?

Master the SnowPro Advanced Architect Test with flashcards, multiple-choice questions, and detailed explanations. Prepare thoroughly for your certification!

Multiple Choice

In a masking policy where the plain-text value is shown only to a user with a specific role, which statement is true about who sees the plain-text value?

Explanation:
Masking policies act at query time and decide what a user sees based on their session context, such as their role. If a policy is written to show the plain value only when the current role matches a specific role (for example, DEVROLE), then that role will see the unmasked data, while everyone else sees the masked version. In this scenario, the policy reveals the plain-text value only to the user with the DEVROLE. The owner or SECURITYADMIN won’t automatically bypass the policy unless they also have that role, so they would see the masked value. Therefore, the statement that the user with DEVROLE can see the plain-text value is the correct one.

Masking policies act at query time and decide what a user sees based on their session context, such as their role. If a policy is written to show the plain value only when the current role matches a specific role (for example, DEVROLE), then that role will see the unmasked data, while everyone else sees the masked version.

In this scenario, the policy reveals the plain-text value only to the user with the DEVROLE. The owner or SECURITYADMIN won’t automatically bypass the policy unless they also have that role, so they would see the masked value. Therefore, the statement that the user with DEVROLE can see the plain-text value is the correct one.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy