
New policy for mask column fails - Compilation error with message 'Unknown tag policy key'

SunilN
New Contributor

I have created custom tags on a column and plan to mask columns with tags via policy. I am facing 2 issues:

1. Can't see the custom tag under "Mask column if it has specific tag".

2. If I type my custom tag, I get an error when creating the policy:

Policy creation failed
Invalid condition in policy 'MaskEmailColumnsPolicy'. Compilation error with message 'Unknown tag policy key `data_classification`'.

Created a tag on a column 

SET TAG ON COLUMN raw.abc.abac_test.cemail data_classification = 'email'
Create a new policy 'MaskEmailColumnsPolicy' where scope is all schema; applied to all users 

emma_s
Databricks Employee

Hi, to use a tag in a tag policy it needs to be a governed tag rather than just a general tag. If you just create it using Set tags, UC sees it as an informational tag rather than a governed tag. If you use a CREATE tag statement to create it, then you'll have it as an option in your policies. Governed tags must have a tag policy which specifies the allowed list of values. This prevents users being able to put any random value against it, and therefore is why it's used for ABAC. Docs on governed tags here: https://docs.databricks.com/aws/en/admin/governed-tags/

I hope this helps!