A financial services company is implementing Snowflake. They have a table 'CUSTOMER DATA' containing sensitive information like 'CREDIT CARD NUMBER, 'SSN', and 'ADDRESS'. They need to ensure that: 1) Analysts can only see the last four digits of the 'CREDIT CARD NUMBER. 2) Data scientists require full access to the 'ADDRESS' but should not see the 'SSN'. 3) A dedicated compliance role should be able to view all data in its original format for auditing purposes. Which of the following is the MOST efficient and secure approach to implement this using Snowflake's data masking and RBAC?
Correct Answer: B
Conditional masking using the CURRENT ROLE() function within masking policies is the most efficient and secure approach. It allows a single table to be used while dynamically controlling data visibility based on the user's role. Views (Option A) can introduce maintenance overhead. Encryption (Option C) is generally used for data at rest and in transit and is not the correct solution for masking. Tag-based masking can add complexity when direct role-based masking is simpler. Replicating the table (Option E) would consume a huge amount of resource, and increase data duplication issues.