Skip to content

Datatypes Masking Mapping

The Databricks Unity Catalog connector supports masking of sensitive data based on column datatypes. When column-level access policies are applied, any column not explicitly included in the policy is automatically masked. Each datatype has a default masking value, which replaces the original data to maintain structural consistency while protecting sensitive information.

Default Masking Values by Datatype

The following tables shows the default masking values applied to each supported datatype:

Numeric Datatypes

Datatype Masking Value
BIGINT 0
DECIMAL 0
DOUBLE 0
FLOAT 0
INT 0
SMALLINT 0
TINYINT 0

Temporal Datatypes

Datatype Masking Value
DATE 1900-01-01
TIMESTAMP 1900-01-01T00:00:00.000
TIMESTAMP_NTZ 1900-01-01 00:00:00

Text and Binary Datatypes

Datatype Masking Value
STRING <MASKED>
BINARY 0

Complex and Other Datatypes

Datatype Masking Value
BOOLEAN null
INTERVAL null
ARRAY null
MAP null
STRUCT null
VARIANT null

Important Considerations

  • The historical date 1900-01-01 is used for temporal datatypes to maintain chronological ordering.
  • Complex datatypes return null to prevent exposure of nested sensitive data structures.

Comments