Dynamic Data Masking - Make UNMASK more granular
Currently, when using Dynamic Data Masking, the permissions set is very restrictive with regards to granting UNMASK to principals. It would be really good to have the ability to grant UNMASK on either a table or a column level. The current option of all or nothing, while useful, is a little restrictive in the implementation of the feature.
This has been logged against Azure SQL Database, but is also applicable to SQL Server 2016 Database Engine.
Chris Bailiss commented
I am surprised there are not options that provide more fine grained control, i.e. the ability to grant unmask on specific tables (and ideally columns). "GRANT UNMASK (whole database)" is far too broad, so much so it means the old fashioned alternatives (such as SQL views) with their other disadvantages must still be used.