ALTR MCP Server

Official

Overview Schema Related Servers Score Discussions

create_policy

Creates an empty masking policy for a tag to control how tagged data is masked. Supports Snowflake and Databricks with platform-specific tag handling.

Instructions

Create an empty masking policy for a specific tag.

Creates a masking policy that controls how data tagged with the specified tag is masked. Until you add rules with add_rules, all users will see NULL for tagged columns.

Each tag can only have one policy — check get_policies first to avoid conflicts.

After creating a policy, use add_rules to define masking behavior.

PLATFORM DIFFERENCES — TAG HANDLING:

Snowflake and Databricks tags are FUNDAMENTALLY DIFFERENT in ALTR:

A Snowflake tag is a connected ALTR object — it has been registered with connect_tag, owns a tag_group_id, a masking configuration, and shows up in get_tags. You reference it here by its UPPERCASE name.
A Databricks tag is NOT an ALTR object — it is just a raw string referenced at policy-creation time. There is no connect_tag step, no tag_group_id, and it will never appear in get_tags. The string you pass here is what gets stored on the policy.

Snowflake: The tag param must be the UPPERCASE tag name as returned by get_tags. The tag MUST already be connected to ALTR via connect_tag before creating a policy. Do NOT pass database_ids for Snowflake — the API will reject it.

Databricks: The tag param is any raw tag name string (e.g., "pac_access_level") — case-insensitive, no connection step required. Do NOT call connect_tag and do NOT look the tag up in get_tags; Databricks tags will not be there. You MUST set policy_type to "PUSHDOWN" — the API rejects "TAG" for Databricks metastores. You MUST also pass database_ids as a list of ALTR database IDs for the target Databricks metastore(s) (from get_databases). database_ids is required for Databricks, and it is ALWAYS a list — even when targeting a single database, wrap the ID in a list (e.g., database_ids=[2167], not database_ids=2167). Omitting database_ids will be rejected by the API.

Available masking levels:

10000: No mask (show raw value)
10001: Full mask (replace with * matching data length)
10002: Email mask (show domain only)
10003: Show last four
10004: Constant mask (1 for numbers,
- for strings, 1/1/2000 for dates)
10005: Null (replace with NULL)
10006: Full mask hash (replace with hashed value)
10007: Email hash (show domain, hash local part)
10008: Show last four hash (hash prefix, show last 4)
10009: Constant date (replace with 12/31/9999)

Input Schema

TableJSON Schema

Name	Required	Description
`tag`	Yes	Tag name. For Snowflake: UPPERCASE connected tag from `get_tags`. For Databricks: any raw tag name string — no prior connection required.
`policy_type`	No	Must be "PUSHDOWN" for Databricks. Omit for Snowflake (defaults to "TAG").
`database_ids`	No	REQUIRED for Databricks. Must be a list of ALTR database IDs for the target Databricks metastore(s) (from `get_databases`). Always pass a list — wrap a single ID in a list (e.g., [2167]); do NOT pass a bare int. Omit entirely for Snowflake.

Output Schema

TableJSON Schema

Name	Required	Description	Default
No arguments

Tool Definition Quality

A4.9/5.0

Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations provided, so description carries full burden. It discloses that until rules are added, all users see NULL for tagged columns. Explains per-platform behavior: Snowflake tags are connected objects, Databricks tags are raw strings. Also warns about policy uniqueness per tag.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Description is long but well-structured with clear sections for purpose, platform differences, and masking levels. It is front-loaded with key information. The masking levels list is necessary reference info, so no waste.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given complexity with platform differences and no annotations, description covers all necessary aspects: purpose, prerequisites, post-creation steps, parameter nuances, and available masking levels. Output schema exists but doesn't need return value explanation.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters5/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100%, but description adds crucial context beyond schema: case-sensitivity for Snowflake tag, requirement for 'policy_type' only for Databricks, 'database_ids' must be a list even for single IDs, and connection prerequisites. This significantly aids correct parameter usage.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states 'Create an empty masking policy for a specific tag' and explains its role controlling data masking. It distinguishes from sibling tools like 'add_rules' and 'get_policies', noting that rules are added later and conflicts should be checked first.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly advises checking 'get_policies' first to avoid conflicts and using 'add_rules' after creation. Provides platform-specific guidance: for Snowflake, must call 'connect_tag' first; for Databricks, must not call 'connect_tag' and must set 'policy_type' to 'PUSHDOWN' and provide 'database_ids'.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/altrsoftware/altr-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server