ALTER ROW LEVEL SECURITY POLICY
Function
ALTER ROW LEVEL SECURITY POLICY modifies an existing row-level access control policy, including the policy name and the users and expressions affected by the policy.
Precautions
Only the table owner or a system administrator can perform this operation.
Syntax
1 2 3 4 5 |
ALTER [ ROW LEVEL SECURITY ] POLICY [ IF EXISTS ] policy_name ON table_name RENAME TO new_policy_name; ALTER [ ROW LEVEL SECURITY ] POLICY policy_name ON table_name [ TO { role_name | PUBLIC } [, ...] ] [ USING ( using_expression ) ]; |
Parameter Description
- policy_name
- table_name
Specifies the name of a table to which a row-level access control policy is applied.
- new_policy_name
Specifies the new name of a row-level access control policy.
- role_name
Specifies names of users affected by a row-level access control policy. PUBLIC indicates that the row-level access control policy will affect all users.
- using_expression
Specifies an expression defined for a row-level access control policy. The return value is of the Boolean type.
Examples
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 |
-- Create the all_data data sheet. openGauss=# CREATE TABLE all_data(id int, role varchar(100), data varchar(100)); -- Create a row-level access control policy to specify that the current user can view only their own data. openGauss=# CREATE ROW LEVEL SECURITY POLICY all_data_rls ON all_data USING(role = CURRENT_USER); openGauss=# \d+ all_data Table "public.all_data" Column | Type | Modifiers | Storage | Stats target | Description --------+------------------------+-----------+----------+--------------+------------- id | integer | | plain | | role | character varying(100) | | extended | | data | character varying(100) | | extended | | Row Level Security Policies: POLICY "all_data_rls" USING (((role)::name = "current_user"())) Has OIDs: no Distribute By: HASH(id) Location Nodes: ALL DATANODES Options: orientation=row, compression=no -- Change the name of the all_data_rls policy. openGauss=# ALTER ROW LEVEL SECURITY POLICY all_data_rls ON all_data RENAME TO all_data_new_rls; -- Change the users affected by the row-level access control policy. openGauss=# ALTER ROW LEVEL SECURITY POLICY all_data_new_rls ON all_data TO alice, bob; openGauss=# \d+ all_data Table "public.all_data" Column | Type | Modifiers | Storage | Stats target | Description --------+------------------------+-----------+----------+--------------+------------- id | integer | | plain | | role | character varying(100) | | extended | | data | character varying(100) | | extended | | Row Level Security Policies: POLICY "all_data_new_rls" TO alice,bob USING (((role)::name = "current_user"())) Has OIDs: no Distribute By: HASH(id) Location Nodes: ALL DATANODES Options: orientation=row, compression=no, enable_rowsecurity=true -- Modify the expression defined for the access control policy. openGauss=# ALTER ROW LEVEL SECURITY POLICY all_data_new_rls ON all_data USING (id > 100 AND role = current_user); openGauss=# \d+ all_data Table "public.all_data" Column | Type | Modifiers | Storage | Stats target | Description --------+------------------------+-----------+----------+--------------+------------- id | integer | | plain | | role | character varying(100) | | extended | | data | character varying(100) | | extended | | Row Level Security Policies: POLICY "all_data_new_rls" TO alice,bob USING (((id > 100) AND ((role)::name = "current_user"()))) Has OIDs: no Distribute By: HASH(id) Location Nodes: ALL DATANODES Options: orientation=row, compression=no, enable_rowsecurity=true |
Helpful Links
CREATE ROW LEVEL SECURITY POLICY and DROP ROW LEVEL SECURITY POLICY
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot