ALTER ROW LEVEL SECURITY POLICY
Description
Modifies an existing row-level security policy, including the policy name and the users and expressions affected by the policy.
Precautions
Only the table owner or a system administrator can perform this operation.
Syntax
- Change the name of an existing row-level security policy.
1
ALTER [ ROW LEVEL SECURITY ] POLICY policy_name ON table_name RENAME TO new_policy_name;
- Change the specified user and policy expression of an existing row-level security policy.
1 2 3
ALTER [ ROW LEVEL SECURITY ] POLICY policy_name ON table_name [ TO { role_name | PUBLIC } [, ...] ] [ USING ( using_expression ) ];
Parameters
- policy_name
Specifies the name of a row-level security policy.
- table_name
Specifies the name of a table to which a row-level security policy is applied.
- new_policy_name
Specifies the new name of a row-level security policy.
- role_name
Specifies names of users affected by a row-level security policy. PUBLIC indicates that the row-level security policy will affect all users.
- using_expression
Specifies a row-level security policy, which is similar to a Boolean expression in the WHERE clause.
Examples
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 |
-- Create the data table all_data. gaussdb=# CREATE TABLE all_data(id int, role varchar(100), data varchar(100)); -- Create a row-level security policy to specify that the current user can view only their own data. gaussdb=# CREATE ROW LEVEL SECURITY POLICY all_data_rls ON all_data USING(role = CURRENT_USER); gaussdb=# \d+ all_data Table "public.all_data" Column | Type | Modifiers | Storage | Stats target | Description --------+------------------------+-----------+----------+--------------+------------- id | integer | | plain | | role | character varying(100) | | extended | | data | character varying(100) | | extended | | Row Level Security Policies: POLICY "all_data_rls" FOR ALL TO public USING (((role)::name = "current_user"())) Has OIDs: no Distribute By: HASH(id) Location Nodes: ALL DATANODES Options: orientation=row, compression=no -- Change the name of the all_data_rls policy. gaussdb=# ALTER ROW LEVEL SECURITY POLICY all_data_rls ON all_data RENAME TO all_data_new_rls; -- Create users alice and bob. gaussdb=# CREATE ROLE alice WITH PASSWORD "********"; gaussdb=# CREATE ROLE bob WITH PASSWORD "********"; -- Change the users affected by the row-level security policy. gaussdb=# ALTER ROW LEVEL SECURITY POLICY all_data_new_rls ON all_data TO alice, bob; gaussdb=# \d+ all_data Table "public.all_data" Column | Type | Modifiers | Storage | Stats target | Description --------+------------------------+-----------+----------+--------------+------------- id | integer | | plain | | role | character varying(100) | | extended | | data | character varying(100) | | extended | | Row Level Security Policies: POLICY "all_data_new_rls" FOR ALL TO alice,bob USING (((role)::name = "current_user"())) Has OIDs: no Distribute By: HASH(id) Location Nodes: ALL DATANODES Options: orientation=row, compression=no, enable_rowsecurity=true -- Modify the expression defined for the row-level security policy. gaussdb=# ALTER ROW LEVEL SECURITY POLICY all_data_new_rls ON all_data USING (id > 100 AND role = current_user); gaussdb=# \d+ all_data Table "public.all_data" Column | Type | Modifiers | Storage | Stats target | Description --------+------------------------+-----------+----------+--------------+------------- id | integer | | plain | | role | character varying(100) | | extended | | data | character varying(100) | | extended | | Row Level Security Policies: POLICY "all_data_new_rls" FOR ALL TO alice,bob USING (((id > 100) AND ((role)::name = "current_user"()))) Has OIDs: no Distribute By: HASH(id) Location Nodes: ALL DATANODES Options: orientation=row, compression=no, enable_rowsecurity=true -- Delete the policy. gaussdb=# DROP ROW LEVEL SECURITY POLICY all_data_new_rls ON all_data; -- Delete users alice and bob. gaussdb=# DROP ROLE alice, bob; -- Delete the all_data table. gaussdb=# DROP TABLE all_data; |
Helpful Links
CREATE ROW LEVEL SECURITY POLICY and DROP ROW LEVEL SECURITY POLICY
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot