Datatypes Masking Mapping
The Databricks Unity Catalog connector supports masking of sensitive data based on column datatypes. When column-level access policies are applied, any column not explicitly included in the policy is automatically masked. Each datatype has a default masking value, which replaces the original data to maintain structural consistency while protecting sensitive information.
Default Masking Values by Datatype
The following tables shows the default masking values applied to each supported datatype:
Numeric Datatypes
| Datatype | Masking Value |
| BIGINT | 0 |
| DECIMAL | 0 |
| DOUBLE | 0 |
| FLOAT | 0 |
| INT | 0 |
| SMALLINT | 0 |
| TINYINT | 0 |
Temporal Datatypes
| Datatype | Masking Value |
| DATE | 1900-01-01 |
| TIMESTAMP | 1900-01-01T00:00:00.000 |
| TIMESTAMP_NTZ | 1900-01-01 00:00:00 |
Text and Binary Datatypes
| Datatype | Masking Value |
| STRING | <MASKED> |
| BINARY | 0 |
Complex and Other Datatypes
| Datatype | Masking Value |
| BOOLEAN | null |
| INTERVAL | null |
| ARRAY | null |
| MAP | null |
| STRUCT | null |
| VARIANT | null |
Important Considerations
- The historical date
1900-01-01 is used for temporal datatypes to maintain chronological ordering. - Complex datatypes return
null to prevent exposure of nested sensitive data structures.