Data Management (DMS) classifies sensitive fields into three levels — Low, Medium, and High — so you can apply different data masking and access control policies based on data sensitivity.
Field sensitivity levels apply only to databases connected in DMS or through DMS proxy endpoints. Databases connected through other third-party tools are not supported.
How sensitivity levels work
Each level determines how field values appear when queried and whether explicit permissions are required to query, export, or change those fields.
| Level | Field value display | Permissions required to query, export, or change |
|---|---|---|
| Low | Plaintext | — |
| Medium | Ciphertext | Yes |
| High | Ciphertext (higher sensitivity than Medium) | Yes |
Databases managed in Security Collaboration mode default to the Low sensitivity level.
Sensitivity levels
DMS provides three sensitivity levels, each derived from an earlier DMS classification:
Low — Derived from the Internal level. Field values are displayed in plaintext. Databases managed in Security Collaboration mode use Low as the default sensitivity level.
Medium — Derived from the Sensitive level. Field values are displayed as ciphertext. In SQLConsole, Medium fields for which you have no permissions appear as asterisks (
*) or in a custom masked format.High — Derived from the Confidential level. Field values are displayed as ciphertext, with a higher sensitivity level than Medium. In SQLConsole, High fields for which you have no permissions appear as asterisks (
*) or in a custom masked format.
Usage notes
To query, export, or change Medium or High sensitivity fields, apply for the required permissions on those fields in DMS.
A database administrator (DBA) or DMS administrator can configure special approval processes for exporting or changing data that contains Medium or High sensitivity fields.