You can use Apache Ranger dynamic resource-based column masking capabilities to protect
sensitive data. You can set policies that mask or anonymize sensitive data columns (such as PII,
PCI, and PHI) dynamically from the Trino query output. For example, you can mask sensitive data
within a column to show only the first or last four characters.
You can create a masking policy from the Masking tab in the
Trino Policies page. You can then set filters for specific users, groups,
roles, and choose the masking options.
The following masking options are supported:
Mask Option
Description
Redact
Replace lowercase with 'x', uppercase with 'X', and digits with '0'
