ALTER REDACTION POLICY
Function
ALTER REDACTION POLICY modifies a data redaction policy applied to a specified table.
Precautions
Only the table object owner and users with the gs_redaction_policy preset role can modify the masking policy.
Syntax
- Modify the expression used for a redaction policy to take effect.
1ALTER REDACTION POLICY policy_name ON table_name WHEN (when_expression);
- Enable or disable a redaction policy.
1ALTER REDACTION POLICY policy_name ON table_name ENABLE | DISABLE;
- Rename a redaction policy.
1ALTER REDACTION POLICY policy_name ON table_name RENAME TO new_policy_name;
- Add, modify, or delete a column on which the redaction policy is used.
1 2
ALTER REDACTION POLICY policy_name ON table_name action;
There are several clauses of action:
1 2 3
[INHERIT] ADD COLUMN column_name WITH redaction_function_name ( [ argument [, ...] ] ) | [INHERIT] MODIFY COLUMN column_name WITH redaction_function_name ( [ argument [, ...] ] ) | DROP COLUMN column_name
Parameter Description
|
Parameter |
Description |
Value Range |
|---|---|---|
|
policy_name |
Specifies the name of the redaction policy to be modified. |
Name of an existing masking policy. |
|
table_name |
Specifies the name of the table to which the redaction policy is applied. |
Name of an existing table. |
|
when_expression |
Specifies the new expression used for the redaction policy to take effect. |
- |
|
ENABLE | DISABLE |
Specifies whether to enable or disable the current redaction policy.
|
- |
|
new_policy_name |
Specifies the new name of the redaction policy. |
A string compliant with the identifier naming rules. |
|
column_name |
Specifies the name of the table column to which the redaction policy is applied.
|
- |
|
redaction_function_name |
Specifies the name of a redaction function. |
For details about the supported functions, see Data Redaction Functions. |
|
arguments |
Specifies the list of arguments of the masking function.
|
For details about the supported functions, see Data Redaction Functions. |
Examples
1
|
CREATE ROLE test_role PASSWORD '{Password}'; |
1 2 3 |
DROP TABLE IF EXISTS emp; CREATE TABLE emp(id int, name varchar(20), salary NUMERIC(10,2)); INSERT INTO emp VALUES(1, 'July', 1230.10), (2, 'David', 999.99); |
1
|
CREATE REDACTION POLICY mask_emp ON emp WHEN(current_user = 'test_role') ADD COLUMN salary WITH mask_full(salary); |
Modify the expression for the data masking policy to take effect for the specified role. (If no user is specified, the policy takes effect for the current user by default.)
1 2 |
ALTER REDACTION POLICY mask_emp ON emp WHEN (pg_has_role(current_user, 'redact_role', 'member')); ALTER REDACTION POLICY mask_emp ON emp WHEN (pg_has_role('redact_role', 'member')); |
Modify the expression for the masking policy to take effect for all users.
1
|
ALTER REDACTION POLICY mask_emp ON emp WHEN (1=1); |
Disable the masking policy.
1
|
ALTER REDACTION POLICY mask_emp ON emp DISABLE; |
Enable the masking policy again.
1
|
ALTER REDACTION POLICY mask_emp ON emp ENABLE; |
Change the masking policy name to mask_emp_new.
1
|
ALTER REDACTION POLICY mask_emp ON emp RENAME TO mask_emp_new; |
Add a column with the masking policy used.
1
|
ALTER REDACTION POLICY mask_emp_new ON emp ADD COLUMN name WITH mask_partial(name, '*', 1, length(name)); |
Modify the masking policy for the name column. Use the MASK_FULL function to redact all data in the name column.
1
|
ALTER REDACTION POLICY mask_emp_new ON emp MODIFY COLUMN name WITH mask_full(name); |
Delete an existing column where the masking policy is used.
1
|
ALTER REDACTION POLICY mask_emp_new ON emp DROP COLUMN name; |
Helpful Links
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
