Mask sensitive data from deadlock and top queries
We want to let developers use SQL Monitor, but for that sensitive data has to be masked. Two places that come in mind where we can things like literals in WHERE clause etc are deadlock and top queries. This would ideally be combined with a security group which which the masking should apply.
Greg Smulko commented
We just released version 13.0.30 with an improvement where now it's possible to set to always redact query plan parameters, even for administrators, by setting the `SQLMONITOR_AlwaysRedactQueryPlanParameters` environment variable on the Website to `true`.
Note that before the query plan params were masked for Standard and Read-Only roles, but always available for Administrators.
One more thing worth mentioning: we redact values of the parameters that a query was run with, but if a sensitive value is hardcoded within a query (as opposed to being parametrized), there is not much we can to do reliably redact it - so we even don't attempt to do so.
Does it solve the issue for your use case?