A method includes receiving a request from a user account to access a base table via a smart table view. The base table includes sensitive columns and non-sensitive columns. Each record in the base table is associated with a respective protection key of a plurality of protection keys. Each protection key represents protection types of a plurality of protection types of sensitive data. The user account is associated with a user protection key. The user protection key represents at least one protection type for which the user account is authorized. The smart table view of the base table is dynamically generated by joining the base table and a custom mask table including a subset of the plurality of protection keys. The smart table view masks the non-sensitive columns of the base table in records of the base table having sensitive data the user account is not authorized to access.