ALTER REDACTION POLICY
Function
ALTER REDACTION POLICY modifies a data redaction policy applied to a specified table.
Precautions
Only the table object owner and users with the gs_redaction_policy preset role can modify the masking policy.
Syntax
- Modify the expression used for a redaction policy to take effect.
1ALTER REDACTION POLICY policy_name ON table_name WHEN (when_expression);
- Enable or disable a redaction policy.
1ALTER REDACTION POLICY policy_name ON table_name ENABLE | DISABLE;
- Rename a redaction policy.
1ALTER REDACTION POLICY policy_name ON table_name RENAME TO new_policy_name;
- Add, modify, or delete a column on which the redaction policy is used.
1 2
ALTER REDACTION POLICY policy_name ON table_name action;
There are several clauses of action:
1 2 3
[INHERIT] ADD COLUMN column_name WITH redaction_function_name ( [ argument [, ...] ] ) | [INHERIT] MODIFY COLUMN column_name WITH redaction_function_name ( [ argument [, ...] ] ) | DROP COLUMN column_name
Parameter Description
Parameter | Description | Value Range |
|---|---|---|
policy_name | Specifies the name of the redaction policy to be modified. | Name of an existing masking policy. |
table_name | Specifies the name of the table to which the redaction policy is applied. | Name of an existing table. |
when_expression | Specifies the new expression used for the redaction policy to take effect. | - |
ENABLE | DISABLE | Specifies whether to enable or disable the current redaction policy.
| - |
new_policy_name | Specifies the new name of the redaction policy. | A string compliant with the identifier naming rules. |
column_name | Specifies the name of the table column to which the redaction policy is applied.
| - |
redaction_function_name | Specifies the name of a redaction function. | For details about the supported functions, see Data Redaction Functions. |
arguments | Specifies the list of arguments of the masking function.
| For details about the supported functions, see Data Redaction Functions. |
Examples
1 | CREATE ROLE test_role PASSWORD '{Password}'; |
1 2 3 | DROP TABLE IF EXISTS emp; CREATE TABLE emp(id int, name varchar(20), salary NUMERIC(10,2)); INSERT INTO emp VALUES(1, 'July', 1230.10), (2, 'David', 999.99); |
1 | CREATE REDACTION POLICY mask_emp ON emp WHEN(current_user = 'test_role') ADD COLUMN salary WITH mask_full(salary); |
Modify the expression for the data masking policy to take effect for the specified role. (If no user is specified, the policy takes effect for the current user by default.)
1 2 | ALTER REDACTION POLICY mask_emp ON emp WHEN (pg_has_role(current_user, 'redact_role', 'member')); ALTER REDACTION POLICY mask_emp ON emp WHEN (pg_has_role('redact_role', 'member')); |
Modify the expression for the masking policy to take effect for all users.
1 | ALTER REDACTION POLICY mask_emp ON emp WHEN (1=1); |
Disable the masking policy.
1 | ALTER REDACTION POLICY mask_emp ON emp DISABLE; |
Enable the masking policy again.
1 | ALTER REDACTION POLICY mask_emp ON emp ENABLE; |
Change the masking policy name to mask_emp_new.
1 | ALTER REDACTION POLICY mask_emp ON emp RENAME TO mask_emp_new; |
Add a column with the masking policy used.
1 | ALTER REDACTION POLICY mask_emp_new ON emp ADD COLUMN name WITH mask_partial(name, '*', 1, length(name)); |
Modify the masking policy for the name column. Use the MASK_FULL function to redact all data in the name column.
1 | ALTER REDACTION POLICY mask_emp_new ON emp MODIFY COLUMN name WITH mask_full(name); |
Delete an existing column where the masking policy is used.
1 | ALTER REDACTION POLICY mask_emp_new ON emp DROP COLUMN name; |
Helpful Links
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
