Second Brain

❯

❯

cleanup 2026 04 17 conversation flush bulk

❯

❯

❯

column mask reapplication on cached query results

column-mask-reapplication-on-cached-query-results

Apr 17, 20261 min read

ops/security
domain/snowflake
infra/database

column-mask-reapplication-on-cached-query-results

Column masks must be re-applied to cached query results at read time, not just at query execution time. If a role is revoked between the cache write and the cache read, the user would still receive unmasked data without re-application. This defense-in-depth ensures role revocation is effective immediately regardless of cache TTL.

Related

column-masks-reapplied-post-cache-for-immediate-role-revocat
column-masks-reapplied-on-cached-results-for-immediate-revoc
cube-query-cache-column-masks-reapplied-on-cache-hit
column-mask-reapply-on-cached-results
column-masks-reapplied-on-cached-results-defense-in-depth
column-masks-reapplied-post-cache-defense-in-depth

Graph View

column-mask-reapplication-on-cached-query-results
Related

Backlinks

column-mask-reapply-on-cached-results
column-masks-reapplied-on-cached-results-defense-in-depth
column-masks-reapplied-on-cached-results-for-immediate-revoc
cube-query-cache-column-masks-reapplied-on-cache-hit
column-masks-reapplied-post-cache-defense-in-depth
column-masks-reapplied-post-cache-for-immediate-role-revocat

Created with Quartz v4.5.2 © 2026

CIOS
Mission Control