ALTER REDACTION POLICY
Function
ALTER REDACTION POLICY modifies a data redaction policy applied to a specified table.
Precautions
Only the table object owner and users with the gs_redaction_policy preset role can modify the masking policy.
Syntax
- Modify the expression used for a redaction policy to take effect.
1ALTER REDACTION POLICY policy_name ON table_name [INHERIT] WHEN (new_when_expression);
- Enable or disable a redaction policy.
1ALTER REDACTION POLICY policy_name ON table_name ENABLE | DISABLE;
- Rename a redaction policy.
1ALTER REDACTION POLICY policy_name ON table_name RENAME TO new_policy_name;
- Add, modify, or delete a column on which the redaction policy is used.
1 2
ALTER REDACTION POLICY policy_name ON table_name action;
There are several clauses of action:
1 2 3
[INHERIT] ADD COLUMN column_name WITH function_name ( arguments ) | [INHERIT] MODIFY COLUMN column_name WITH function_name ( arguments ) | DROP COLUMN column_name
Parameter Description
- policy_name
Specifies the name of the redaction policy to be modified.
- table_name
Specifies the name of the table to which the redaction policy is applied.
- INHERIT
Specifies whether the masking policy or operation is inherited from other masking policies or operations. This parameter is not recommended.
- new_when_expression
Specifies the new expression used for the redaction policy to take effect.
- ENABLE | DISABLE
Specifies whether to enable or disable the current redaction policy.
- new_policy_name
Specifies the new name of the redaction policy.
- column_name
Specifies the name of the table column to which the redaction policy is applied.
To add a column, use a column name that has not been bound to any redaction functions.
To modify a column, use the name of an existing column.
To delete a column, use the name of an existing column.
- function_name
Specifies the name of a redaction function.
- arguments
Specifies the list of arguments of the redaction function.
- MASK_NONE: indicates that no masking is performed.
- MASK_FULL: indicates that all data is masked to a fixed value.
- MASK_PARTIAL: indicates that partial masking is performed based on the specified character type, numeric type, or time type.
Examples
Modify the expression for a redaction policy to make it take effect for the specified role (If no user is specified, the redaction policy takes effect for the current user by default.):
1 2 |
ALTER REDACTION POLICY mask_emp ON emp WHEN (pg_has_role(current_user, 'redact_role', 'member')); ALTER REDACTION POLICY mask_emp ON emp WHEN (pg_has_role('redact_role', 'member')); |
Modify the expression for the data redaction policy to make it take effect for all users.
1
|
ALTER REDACTION POLICY mask_emp ON emp WHEN (1=1); |
Disable the redaction policy.
1
|
ALTER REDACTION POLICY mask_emp ON emp DISABLE; |
Enable the redaction policy again.
1
|
ALTER REDACTION POLICY mask_emp ON emp ENABLE; |
Change the redaction policy name to mask_emp_new.
1
|
ALTER REDACTION POLICY mask_emp ON emp RENAME TO mask_emp_new; |
Add a column with the redaction policy used.
1
|
ALTER REDACTION POLICY mask_emp_new ON emp ADD COLUMN name WITH mask_partial(name, '*', 1, length(name)); |
Modify the redaction policy for the name column. Use the MASK_FULL function to redact all data in the name column.
1
|
ALTER REDACTION POLICY mask_emp_new ON emp MODIFY COLUMN name WITH mask_full(name); |
Delete an existing column where the redaction policy is used.
1
|
ALTER REDACTION POLICY mask_emp_new ON emp DROP COLUMN name; |
Helpful Links
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
