ALTER ROW LEVEL SECURITY POLICY
Function
Modifies an existing row-level security policy, including the policy name and the users and expressions affected by the policy.
Precautions
Only the table owner or a system administrator can perform this operation.
Syntax
1
|
ALTER [ ROW LEVEL SECURITY ] POLICY policy_name ON table_name RENAME TO new_policy_name; |
1 2 3 |
ALTER [ ROW LEVEL SECURITY ] POLICY policy_name ON table_name [ TO { role_name | PUBLIC } [, ...] ] [ USING ( using_expression ) ]; |
Parameter Description
- policy_name
- table_name
Specifies the name of a table to which a row-level security policy is applied.
- new_policy_name
- role_name
Specifies names of users affected by a row-level security policy. PUBLIC indicates that the row-level security policy will affect all users.
- using_expression
Specifies a row-level security policy, which is similar to a Boolean expression in the WHERE clause.
Examples
-- Create the data table all_data. gaussdb=# CREATE TABLE all_data(id int, role varchar(100), data varchar(100)); -- Create a row-level security policy to specify that the current user can view only their own data. gaussdb=# CREATE ROW LEVEL SECURITY POLICY all_data_rls ON all_data USING(role = CURRENT_USER); gaussdb=# \d+ all_data Table "public.all_data" Column | Type | Modifiers | Storage | Stats target | Description --------+------------------------+-----------+----------+--------------+------------- id | integer | | plain | | role | character varying(100) | | extended | | data | character varying(100) | | extended | | Row Level Security Policies: POLICY "all_data_rls" FOR ALL TO public USING (((role)::name = "current_user"())) Has OIDs: no Options: orientation=row, compression=no -- Create users alice and bob. gaussdb=# CREATE ROLE alice WITH PASSWORD "********"; gaussdb=# CREATE ROLE bob WITH PASSWORD "********"; -- Change the name of the all_data_rls policy. gaussdb=# ALTER ROW LEVEL SECURITY POLICY all_data_rls ON all_data RENAME TO all_data_new_rls; -- Change the users affected by the row-level security policy. gaussdb=# ALTER ROW LEVEL SECURITY POLICY all_data_new_rls ON all_data TO alice, bob; gaussdb=# \d+ all_data Table "public.all_data" Column | Type | Modifiers | Storage | Stats target | Description --------+------------------------+-----------+----------+--------------+------------- id | integer | | plain | | role | character varying(100) | | extended | | data | character varying(100) | | extended | | Row Level Security Policies: POLICY "all_data_new_rls" FOR ALL TO alice,bob USING (((role)::name = "current_user"())) Has OIDs: no Options: orientation=row, compression=no, enable_rowsecurity=true -- Modify the expression defined for the row-level security policy. gaussdb=# ALTER ROW LEVEL SECURITY POLICY all_data_new_rls ON all_data USING (id > 100 AND role = current_user); gaussdb=# \d+ all_data Table "public.all_data" Column | Type | Modifiers | Storage | Stats target | Description --------+------------------------+-----------+----------+--------------+------------- id | integer | | plain | | role | character varying(100) | | extended | | data | character varying(100) | | extended | | Row Level Security Policies: POLICY "all_data_new_rls" FOR ALL TO alice,bob USING (((id > 100) AND ((role)::name = "current_user"()))) Has OIDs: no Options: orientation=row, compression=no, enable_rowsecurity=true -- Delete users alice and bob. gaussdb=# DROP ROLE alice, bob; -- Delete the policy. gaussdb=# DROP ROW LEVEL SECURITY POLICY all_data_new_rls ON all_data; -- Delete the all_data table. gaussdb=# DROP TABLE all_data;
Helpful Links
CREATE ROW LEVEL SECURITY POLICY and DROP ROW LEVEL SECURITY POLICY
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot