Data masking

To protect sensitive data from users, data can be masked so all sensitive data retrieved either through the dashboards or directly by querying the views, will be marked as “MASKED”.

Sensitive data can be masked for SQL Servers, databases and SQL Server agent jobs.

When masking is enabled, any information that potentially can contain sensitive data such as query plans, statements, blocked process reports etc. is masked.

Sensitive data is only masked for production SQL Servers, making it possible to give users access to production data and still be compliant with all regulatives e.g. GDPR. Masking is controlled on team level, making it possible to give specific teams access to see sensistive data while other teams will have sensitive data masked. When adding teams, sensitive data is masked by default.

Members of the “Performance Store full access” group will have access to sensitive data by default:

To mask sensitive data for the “Performance Store full access” group, change mask_sensitive_data from 0 to 1 in dbo.table_access for the “Performance Store full access” group and associated service account user:

When enabling or disabling data masking it will take effect immediately.