# MASKING POLICY

Config path: `/<database>/<schema>/masking_policy/<name>.yaml`

Example:

```yaml
arguments:
  name: VARCHAR(255)

returns: VARCHAR(255)

body: |-
  REPLACE(name, 'A', '*')

references:
  - object_type: TABLE
    object_name: test_table_1
    columns: [name]
```

## Schema

* <mark style="background-color:red;">**arguments**</mark> (dict)
  * *{key}* (ident) - argument name
  * *{value}* (str) - argument data type
* <mark style="background-color:red;">**returns**</mark> (str) - return data type
* <mark style="background-color:red;">**body**</mark> (str) - policy SQL expression
* **exempt\_other\_policies** (bool)
* ~~**references**~~ (dict)
  * **object\_type** (str) - reference object type (e.g. `TABLE`, `VIEW`)
  * **object\_name** (ident) - reference object name
  * **columns** (list)
    * *{items}* (ident) - reference column names
* **comment** (str)&#x20;

## Usage notes

1. Management of masking policies requires active warehouse due to unavoidable [POLICY\_REFERENCES](https://docs.snowflake.com/en/sql-reference/functions/policy_references.html) table function calls.
2. If **arguments** or **returns** of policy was changed, all references will be dropped, policy will be re-created from scratch, and all references will be restored. Also, when other objects are being re-created, such objects will initially lack policy references.\
   \
   Business users might be able to access objects without protection of policy in such case. There is no way to avoid it due to fundamental lack of transaction support for DDL queries in Snowflake.\
   \
   You may consider having weekly "safe maintenance" time slots to apply DDL when business users won't be able to access Snowflake account.
3. Parameter `references` is deprecated since `0.33.0`. Use policy reference parameters directly in [TABLE](/basic/yaml-configs/table.md) or [VIEW](/basic/yaml-configs/view.md) configs instead.

## Links

* [CREATE MASKING POLICY](https://docs.snowflake.com/en/sql-reference/sql/create-masking-policy.html)
* [SHOW MASKING POLICIES](https://docs.snowflake.com/en/sql-reference/sql/show-masking-policies.html)
* [DESC MASKING POLICY](https://docs.snowflake.com/en/sql-reference/sql/desc-masking-policy.html)
* [Parser & JSON Schema (GitHub)](https://github.com/littleK0i/SnowDDL/blob/master/snowddl/parser/masking_policy.py)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.snowddl.com/basic/yaml-configs/masking-policy.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.