Datatypes Masking Mapping
The Databricks Unity Catalog connector supports masking of sensitive data based on column datatypes. When column-level access policies are applied, any column not explicitly included in the policy is automatically masked. Each datatype has a default masking value, which replaces the original data to maintain structural consistency while protecting sensitive information.
Default Masking Values by Datatype
The following tables shows the default masking values applied to each supported datatype:
Numeric Datatypes
Datatype | Masking Value |
BIGINT | 0 |
DECIMAL | 0 |
DOUBLE | 0 |
FLOAT | 0 |
INT | 0 |
SMALLINT | 0 |
TINYINT | 0 |
Temporal Datatypes
Datatype | Masking Value |
DATE | 1900-01-01 |
TIMESTAMP | 1900-01-01T00:00:00.000 |
TIMESTAMP_NTZ | 1900-01-01 00:00:00 |
Text and Binary Datatypes
Datatype | Masking Value |
STRING | <MASKED> |
BINARY | 0 |
Complex and Other Datatypes
Datatype | Masking Value |
BOOLEAN | null |
INTERVAL | null |
ARRAY | null |
MAP | null |
STRUCT | null |
VARIANT | null |
Important Considerations
- The historical date
1900-01-01
is used for temporal datatypes to maintain chronological ordering. - Complex datatypes return
null
to prevent exposure of nested sensitive data structures.