No there no restriction in my point of view connecting to a vdb for schema profiling is a good best practice.
The masking engine need only a database to connect to in order to read schémas metadata (tables in there, columns inside and there type ...), you can even drop this vdb later on once you define the masking job.
Masking engine will create a dynamic connector to the new vdb you are creating and apply the same ruleset you've defined in you ruleset to mask the data.
Hello Swathy, Could you please help to understand the reason behind this approach, on choosing encryption over masking?
You can restrict user permission for VDB, as we do on physical databases via roles and privileges. If you like to revoke any privileges or perform any changes on VDB, you can call script via hooks, which will automate the process, when you refresh or provision any virtual database.