Skip to main content
commvault.com commvault.com
Question

Disabling SQL Dynamic Data Masking for the CommServe

  • May 21, 2026
  • 2 replies
  • 18 views
D
Novice
Forum|alt.badge.img+2

Hi Community, 

 

I’m currently forwarding logs from Commvault with a external monitoring tool, and then use a DB Connect tool for this. 

After a recent upgrade, I can see that my queries for the view [CommServ].[dbo].[CommCellBackupInfo] is now being masked for the variable clientname. It now shows, for example: “eexxxxom”. instead of “example.com”. I found this KB: SQL Dynamic Data Masking about this.

Questions I have relating to this are:

  • What privilege does the user need to have for this to not mask? Currently, I have “read-only” rights, which only have rights to read and connect to the database. What else would I need for this to work?
  • Or, are there any way to disable this in Commvault/the SQL database in the CommServe?

Kind regards,

Daniel

2 replies

D
Vaulter
Forum|alt.badge.img+4
  • ddwyerVaulter
  • Vaulter
  • May 21, 2026

Hi Daniel,

 

Dynamic Data Masking is enabled from 11.36 onwards by default.

 

You can GRANT UNMASK TO the user which the external log monitoring tool uses to access the Commvault data.

 

This change needs to be made in SQL Server and will require a privileged user account to make the change.  

 

Regards,

David

P
Vaulter
Forum|alt.badge.img+17
  • PradeepVaulter
  • Vaulter
  • May 22, 2026

HI ​@danbj ,

We can use the following API endpoint to deny users the ability to enable data privacy (which includes dynamic masking):

  • PUT /Commcell/Properties/Privacy/Action/Disable

https://api.commvault.com/docs/SP40/api/cv/ControlPanelOperations/denydataprivacy/

Readiverse Academy Certifications Tier

description of image
Terms & ConditionsAccessibility statement