DataSunrise is sponsoring AWS re:Invent 2024 in Las Vegas, please visit us in DataSunrise's booth #2158

This website stores cookies to collect information about how you interact with our website. To find out more visit our Privacy Policy.

  • Home
  • Guides
  • How to Hide Schemas From Users in Redshift

How to Hide Schemas From Users in Redshift

How to Migrate DataSunrise CloudFormation Template from Launch Configuration (LC) to Launch Template (LT) Resource in Auto Scaling Group How to Send DataSunrise Events to a Microsoft Teams Channel via Incoming Webhook using Subscribers How To Offload The Audit Database Data To AWS S3 And Read It Using AWS Athena Service How to Convert Trial or BYOL Configuration of DataSunrise to Hourly Billing Backend DB: PostgreSQL (RDS) or Aurora PostgreSQL How to Troubleshoot “Connection Was Terminated” or “Connection Terminated Unexpectedly” Errors in Applications Using DataSunrise Proxies Exploring DataSunrise’s Performance Under High Traffic Conditions DataSunrise’s Approach to Configuring Penalties for SQL Injection Detection How to Block Specific Hosts in DataSunrise for Enhanced Database Security Troubleshooting AWS Metering and Hourly Billing Issues in DataSunrise on AWS Marketplace Cloud Formation Modification Dynamic Data Masking with DataSunrise: Masking with Lua scripts How to Choose the Database for Audit Storage: A Performance Analysis How to Run pgbench Through DataSunrise Proxy on PostgreSQL 14 with SCRAM Authentication DataSunrise SSO Authentication Based on SAML (Okta) DataSunrise SSO Authentication Based on OpenID (Okta) How to Search for Sensitive Data in Images Hosted on AWS S3 How to Deploy DataSunrise with Terraform Template on Azure How to Integrate DataSunrise with SQL Server Always On Cluster How to Deploy DataSunrise in Microsoft Azure Using Azure Resource Manager How to Perform DataSunrise Static Data Masking for MongoDB How to Configure DB Audit Trailing for MS Azure MySQL How to Configure DB Audit Trailing for MS Azure PostgreSQL How to Configure DataSunrise to Mask Data for Amazon Athena How to Upgrade RHEL OS version of existing DataSunrise servers How to Integrate DataSunrise with AWS Database Activity Streams for Getting Auditing Results for AWS Aurora PostgreSQL How to Set Up SSL Certificates for DataSunrise Database Proxy Generating Reports in DataSunrise How to Hide Schemas From Users in Redshift AWS RDS PostgreSQL Audit Logs in DataSunrise How to Audit Administrative Actions in Your Oracle RDS and EC2 How to Check if DataSunrise Receives Traffic How To Remove a Procedure or a Function From a Database
Redshift

Today, the activity of any organization is associated with the operation of a large amount of information, access to which has a wide range of people. Consequently, the complexity of ensuring the confidentiality of sensitive data increases, along with the growth of the volume of data processed in companies. Therefore, the protection of data from unauthorized access, from unauthorized modification or simply from destruction is one of the priorities. Data masking is one of the effective methods of protecting important information from unauthorized access.

The Hide Rows option of the Data Sunrise Dynamic Masking allows you to create certain rules to hide part of the data from a certain group of users, preserving the general information structure and leaving available that part of the data that is necessary for work. As an example, consider how Dynamic Masking rules with the Hide Rows option can be used to hide specific schemas in the Redshift database from a group of users.

The information about the schemas in DB is contained in the system table <your_database>.pg_catalog.pg_namespace. Thus, by applying appropriate conditions to the columns of this table, you can hide some of the schemas from specific users.

screen

Imagine you have schemas “test1” and “test2” and you want only these 2 schemas to be visible for “user1”, “user2” and “user3”. Below is a step-by-step guide on how to implement this scenario:

  • Navigate to Masking –> Dynamic Masking Rules then click on Add Rule. screen
  • In the Rule Details page, fill up the required fields such as Name, Database Type and Instance. Enable Log Event in Storage checkbox to see events in the Dynamic Masking Events section. Other fields are optional and can be filled up as necessary or required. screen screen
  • In the Filter Sessions, add a condition for which the rule should be applied, example DB User if the rule is applicable for specific users or DB User Group for a set of users within the group. screen screen
  • In the Masking Settings, click on Select in the Tables to Hide rows in, the Check Columns modal window will appear. screen
  • In the Check Columns modal window left portion, (a) enter the Database(s) name for which the rule should be applied, (b) enter “pg_catalog” in the Find Schemas field, (c) enter “pg_namespace” in the Find Tables field then click on the Filter button. The filter will be applied to the Object Explorer menu, tick the checkbox beside the “pg_namespace” table then click Done. screen
  • In the column condition field, enter nspname LIKE ‘%test%’ then Save the rule. screen
  • Connect to Redshift database via proxy on behalf of “user1” specified in Dynamic Masking rule. screen
  • When connecting to the database, this “user1” will see only “test1” and “test2” schemas. screen
  • To hide all schemas except of public from “user3” specify the following condition nspowner = 1 and nspname = ‘public’. screen
  • Only the “public” schema will be visible to user3 in such case. screen
  • To hide all schemas use condition nspowner is NULL, which is false by default screen

  • In this case, users included in the DB User Group will not see any scheme at all when connecting to the database via proxy.

    screen

Did this guide help you?

Contact Us