Column masks and row permissions

A column mask can define an alternate value to be returned for a column. The definition of the mask can use logic to check the application or the type of user that is querying the data to determine how to present the data. An example of a masked value is a credit card number with XXX for many of the digits.

A row permission restricts which rows are available from a query. Like a mask, there is logic that defines the restriction. An example of a row permission would be to let managers only see information about employees in their department, while human resources personnel can see all employees.

The VERIFY_GROUP_FOR_USER scalar function can be used in the logic for masks and permissions to distinguish different categories of users.