vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/dws/dev/dws_04_0061.html
Lu, Huayi e6fa411af0 DWS DEV 830.201 version 
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Co-authored-by: Lu, Huayi <luhuayi@huawei.com>
Co-committed-by: Lu, Huayi <luhuayi@huawei.com>
2024-05-16 07:24:04 +00:00

198 lines
31 KiB
HTML
Raw Blame History

<a name="EN-US_TOPIC_0000001233761731"></a><a name="EN-US_TOPIC_0000001233761731"></a>
<h1 class="topictitle1">Row-Level Access Control</h1>
<div id="body1560407392207"><p id="EN-US_TOPIC_0000001233761731__p1873119554919">The row-level access control feature restricts users to access only specific data rows in the data table, ensuring data read and write security.</p>
<div class="section" id="EN-US_TOPIC_0000001233761731__section1921474514288"><h4 class="sectiontitle">Configuring Row-Level Access Control</h4><p id="EN-US_TOPIC_0000001233761731__p1479416593558">Row-level access control is used to control the visibility of row-level data in tables. By predefining filters for data tables, the expressions that meet the specified condition can be applied to execution plans in the query optimization phase, which will affect the final execution result. Currently, the SQL statements that can be affected include <strong id="EN-US_TOPIC_0000001233761731__b35921474383914">SELECT</strong>, <strong id="EN-US_TOPIC_0000001233761731__b30026272983914">UPDATE</strong>, and <strong id="EN-US_TOPIC_0000001233761731__b187718481483914">DELETE</strong>.</p>
<ul id="EN-US_TOPIC_0000001233761731__ul1527272910408"><li id="EN-US_TOPIC_0000001233761731__li189051926414">You can use the CREATE ROW LEVEL SECURITY POLICY statement to create a row-level security policy on a table.<p id="EN-US_TOPIC_0000001233761731__p977363104118"><a name="EN-US_TOPIC_0000001233761731__li189051926414"></a><a name="li189051926414"></a>This policy works only for expressions that take effect for specific database users and SQL operations. When a database user accesses the data table, if a SQL statement meets the specified row-level access control policies of the data table, the expressions that meet the specified condition will be combined by using <strong id="EN-US_TOPIC_0000001233761731__b82904583583914">AND</strong> or <strong id="EN-US_TOPIC_0000001233761731__b125091595083914">OR</strong> based on the attribute type (<strong id="EN-US_TOPIC_0000001233761731__b101510241183914">PERMISSIVE</strong> | <strong id="EN-US_TOPIC_0000001233761731__b31430730283914">RESTRICTIVE</strong>) and applied to the execution plan in the query optimization phase.</p>
</li><li id="EN-US_TOPIC_0000001233761731__li6272229154010">After a row-level access control policy is created for a table, it takes effect only when the row-level access control switch (<strong id="EN-US_TOPIC_0000001233761731__b13276101874415">ALTER TABLE</strong>...<strong id="EN-US_TOPIC_0000001233761731__b5276618184413">ENABLE ROW LEVEL SECURITY</strong>) of the table is turned on.</li></ul>
</div>
<div class="section" id="EN-US_TOPIC_0000001233761731__section387420542467"><h4 class="sectiontitle">Example of Row-Level Access Control</h4><p id="EN-US_TOPIC_0000001233761731__p1823094154712">The data of all users is aggregated in table <strong id="EN-US_TOPIC_0000001233761731__b13681757104712">all_data</strong>. Implement row-level access control on this table so that different users can view only their own data.</p>
<ol id="EN-US_TOPIC_0000001233761731__ol11330171224810"><li id="EN-US_TOPIC_0000001233761731__li13237202218411"><span>Create users <strong id="EN-US_TOPIC_0000001233761731__b4233587492">alice</strong>, <strong id="EN-US_TOPIC_0000001233761731__b389189164911">bob</strong>, and <strong id="EN-US_TOPIC_0000001233761731__b2045881111493">peter</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233761731__screen10444112811611"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">alice</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'********'</span><span class="p">;</span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">bob</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'********'</span><span class="p">;</span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">peter</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'********'</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001233761731__p20199191714813">Create table <strong id="EN-US_TOPIC_0000001233761731__b15258524174916">all_data</strong> and insert data of different users into it.</p>
<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233761731__screen19679554481"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span>
<span class="normal">5</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="k">public</span><span class="p">.</span><span class="n">all_data</span><span class="p">(</span><span class="n">id</span><span class="w"> </span><span class="nb">int</span><span class="p">,</span><span class="w"> </span><span class="k">role</span><span class="w"> </span><span class="nb">varchar</span><span class="p">(</span><span class="mi">100</span><span class="p">),</span><span class="w"> </span><span class="k">data</span><span class="w"> </span><span class="nb">varchar</span><span class="p">(</span><span class="mi">100</span><span class="p">));</span>
<span class="k">INSERT</span><span class="w"> </span><span class="k">INTO</span><span class="w"> </span><span class="n">all_data</span><span class="w"> </span><span class="k">VALUES</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="s1">'alice'</span><span class="p">,</span><span class="w"> </span><span class="s1">'alice data'</span><span class="p">);</span>
<span class="k">INSERT</span><span class="w"> </span><span class="k">INTO</span><span class="w"> </span><span class="n">all_data</span><span class="w"> </span><span class="k">VALUES</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span><span class="w"> </span><span class="s1">'bob'</span><span class="p">,</span><span class="w"> </span><span class="s1">'bob data'</span><span class="p">);</span>
<span class="k">INSERT</span><span class="w"> </span><span class="k">INTO</span><span class="w"> </span><span class="n">all_data</span><span class="w"> </span><span class="k">VALUES</span><span class="p">(</span><span class="mi">3</span><span class="p">,</span><span class="w"> </span><span class="s1">'peter'</span><span class="p">,</span><span class="w"> </span><span class="s1">'peter data'</span><span class="p">);</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001233761731__li18841234184818"><span>Grant the read permission on table <strong id="EN-US_TOPIC_0000001233761731__b191241229175016">all_data</strong> to users <strong id="EN-US_TOPIC_0000001233761731__b1926143113501">alice</strong>, <strong id="EN-US_TOPIC_0000001233761731__b3555113235015">bob</strong>, and <strong id="EN-US_TOPIC_0000001233761731__b015493417509">peter</strong>.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233761731__screen18512113910135"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">GRANT</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">all_data</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">alice</span><span class="p">,</span><span class="w"> </span><span class="n">bob</span><span class="p">,</span><span class="w"> </span><span class="n">peter</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001233761731__li151461339111318"><span>Run the <strong id="EN-US_TOPIC_0000001233761731__b102731845217">ALTER TABLE</strong> <em id="EN-US_TOPIC_0000001233761731__i7225191361510">tablename</em> <strong id="EN-US_TOPIC_0000001233761731__b1818011175218">ENABLE ROW LEVEL SECURITY</strong> statement to enable the row-level access control.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233761731__screen2525192515148"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">ALTER</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="n">all_data</span><span class="w"> </span><span class="n">ENABLE</span><span class="w"> </span><span class="k">ROW</span><span class="w"> </span><span class="k">LEVEL</span><span class="w"> </span><span class="k">SECURITY</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001233761731__li15241312181414"><span>Run the <strong id="EN-US_TOPIC_0000001233761731__b7565114005217">CREATE ROW LEVEL SECURITY POLICY</strong> statement to create a row-level access control policy so that the current user can view only its own data.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233761731__screen6360246161514"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="k">ROW</span><span class="w"> </span><span class="k">LEVEL</span><span class="w"> </span><span class="k">SECURITY</span><span class="w"> </span><span class="n">POLICY</span><span class="w"> </span><span class="n">all_data_rls</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">all_data</span><span class="w"> </span><span class="k">USING</span><span class="p">(</span><span class="k">role</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">CURRENT_USER</span><span class="p">);</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001233761731__li1532619812158"><span>View information about the <strong id="EN-US_TOPIC_0000001233761731__b19305113145310">all_data</strong> table.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233761731__screen128601628141718"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal">10</span>
<span class="normal">11</span>
<span class="normal">12</span>
<span class="normal">13</span>
<span class="normal">14</span></pre></div></td><td class="code"><div><pre><span></span><span class="w"> </span><span class="err">\</span><span class="n">d</span><span class="o">+</span><span class="w"> </span><span class="n">all_data</span>
<span class="w"> </span><span class="k">Table</span><span class="w"> </span><span class="ss">&quot;public.all_data&quot;</span>
<span class="w"> </span><span class="k">Column</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="k">Type</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Modifiers</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="k">Storage</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Stats</span><span class="w"> </span><span class="n">target</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Description</span>
<span class="c1">--------+------------------------+-----------+----------+--------------+-------------</span>
<span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nb">integer</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">plain</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span>
<span class="w"> </span><span class="k">role</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nb">character</span><span class="w"> </span><span class="nb">varying</span><span class="p">(</span><span class="mi">100</span><span class="p">)</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">extended</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span>
<span class="w"> </span><span class="k">data</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="nb">character</span><span class="w"> </span><span class="nb">varying</span><span class="p">(</span><span class="mi">100</span><span class="p">)</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">extended</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">|</span>
<span class="k">Row</span><span class="w"> </span><span class="k">Level</span><span class="w"> </span><span class="k">Security</span><span class="w"> </span><span class="n">Policies</span><span class="p">:</span>
<span class="w"> </span><span class="n">POLICY</span><span class="w"> </span><span class="ss">&quot;all_data_rls&quot;</span>
<span class="w"> </span><span class="k">USING</span><span class="w"> </span><span class="p">(((</span><span class="k">role</span><span class="p">)::</span><span class="n">name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="ss">&quot;current_user&quot;</span><span class="p">()))</span>
<span class="n">Has</span><span class="w"> </span><span class="k">OIDs</span><span class="p">:</span><span class="w"> </span><span class="k">no</span>
<span class="n">Distribute</span><span class="w"> </span><span class="k">By</span><span class="p">:</span><span class="w"> </span><span class="n">ROUND</span><span class="w"> </span><span class="n">ROBIN</span>
<span class="k">Location</span><span class="w"> </span><span class="n">Nodes</span><span class="p">:</span><span class="w"> </span><span class="k">ALL</span><span class="w"> </span><span class="n">DATANODES</span>
<span class="k">Options</span><span class="p">:</span><span class="w"> </span><span class="n">orientation</span><span class="o">=</span><span class="k">row</span><span class="p">,</span><span class="w"> </span><span class="n">compression</span><span class="o">=</span><span class="k">no</span><span class="p">,</span><span class="w"> </span><span class="n">enable_rowsecurity</span><span class="o">=</span><span class="k">true</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001233761731__li14072331716"><span>Switch to user <strong id="EN-US_TOPIC_0000001233761731__b113190208536">alice</strong> and query the data in table <strong id="EN-US_TOPIC_0000001233761731__b958429155314">all_data</strong>. The query result shows that the row-level access control policy takes effect. User <strong id="EN-US_TOPIC_0000001233761731__b11419123014557">alice</strong> can only view its own data.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233761731__screen19481832141917"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span>
<span class="normal">5</span>
<span class="normal">6</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">alice</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'********'</span><span class="p">;</span>
<span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">all_data</span><span class="p">;</span>
<span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="k">role</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="k">data</span>
<span class="c1">----+-------+------------</span>
<span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">alice</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">alice</span><span class="w"> </span><span class="k">data</span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001233761731__p7847152365214">The execution plan of the query is displayed, indicating that access to table <strong id="EN-US_TOPIC_0000001233761731__b387418412080">all_data</strong> is under the row-level access control.</p>
<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233761731__screen989425865015"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal">10</span>
<span class="normal">11</span>
<span class="normal">12</span>
<span class="normal">13</span>
<span class="normal">14</span>
<span class="normal">15</span>
<span class="normal">16</span>
<span class="normal">17</span>
<span class="normal">18</span>
<span class="normal">19</span>
<span class="normal">20</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">EXPLAIN</span><span class="p">(</span><span class="n">COSTS</span><span class="w"> </span><span class="k">OFF</span><span class="p">)</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">all_data</span><span class="p">;</span>
<span class="w"> </span><span class="n">QUERY</span><span class="w"> </span><span class="n">PLAN</span>
<span class="c1">----------------------------------------------------------------</span>
<span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="k">operation</span>
<span class="w"> </span><span class="c1">----+------------------------------</span>
<span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">-&gt;</span><span class="w"> </span><span class="n">Streaming</span><span class="w"> </span><span class="p">(</span><span class="k">type</span><span class="p">:</span><span class="w"> </span><span class="n">GATHER</span><span class="p">)</span>
<span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">-&gt;</span><span class="w"> </span><span class="n">Seq</span><span class="w"> </span><span class="n">Scan</span><span class="w"> </span><span class="k">on</span><span class="w"> </span><span class="n">all_data</span>
<span class="w"> </span><span class="n">Predicate</span><span class="w"> </span><span class="n">Information</span><span class="w"> </span><span class="p">(</span><span class="n">identified</span><span class="w"> </span><span class="k">by</span><span class="w"> </span><span class="n">plan</span><span class="w"> </span><span class="n">id</span><span class="p">)</span>
<span class="w"> </span><span class="c1">--------------------------------------------------------------</span>
<span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="c1">--Seq Scan on all_data</span>
<span class="w"> </span><span class="n">Filter</span><span class="p">:</span><span class="w"> </span><span class="p">((</span><span class="k">role</span><span class="p">)::</span><span class="n">name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s1">'alice'</span><span class="p">::</span><span class="n">name</span><span class="p">)</span>
<span class="w"> </span><span class="n">Notice</span><span class="p">:</span><span class="w"> </span><span class="n">This</span><span class="w"> </span><span class="n">query</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">influenced</span><span class="w"> </span><span class="k">by</span><span class="w"> </span><span class="k">row</span><span class="w"> </span><span class="k">level</span><span class="w"> </span><span class="k">security</span><span class="w"> </span><span class="n">feature</span>
<span class="w"> </span><span class="o">======</span><span class="w"> </span><span class="n">Query</span><span class="w"> </span><span class="n">Summary</span><span class="w"> </span><span class="o">=====</span>
<span class="w"> </span><span class="c1">-------------------------------</span>
<span class="w"> </span><span class="k">System</span><span class="w"> </span><span class="n">available</span><span class="w"> </span><span class="n">mem</span><span class="p">:</span><span class="w"> </span><span class="mi">4833280</span><span class="n">KB</span>
<span class="w"> </span><span class="n">Query</span><span class="w"> </span><span class="k">Max</span><span class="w"> </span><span class="n">mem</span><span class="p">:</span><span class="w"> </span><span class="mi">4833280</span><span class="n">KB</span>
<span class="w"> </span><span class="n">Query</span><span class="w"> </span><span class="n">estimated</span><span class="w"> </span><span class="n">mem</span><span class="p">:</span><span class="w"> </span><span class="mi">1024</span><span class="n">KB</span>
<span class="p">(</span><span class="mi">16</span><span class="w"> </span><span class="k">rows</span><span class="p">)</span>
</pre></div></td></tr></table></div>
</div>
</p></li><li id="EN-US_TOPIC_0000001233761731__li838721355517"><span>Switch to user <strong id="EN-US_TOPIC_0000001233761731__b71751912155613">peter</strong> and query the data in table <strong id="EN-US_TOPIC_0000001233761731__b19175181213569">all_data</strong>. The query result shows that the row-level access control policy takes effect. User <strong id="EN-US_TOPIC_0000001233761731__b4731209566">peter</strong> can only view its own data.</span><p><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233761731__screen1330885111591"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span>
<span class="normal">5</span>
<span class="normal">6</span>
<span class="normal">7</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">SET</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">peter</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'********'</span><span class="p">;</span>
<span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">all_data</span><span class="p">;</span>
<span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="k">role</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="k">data</span>
<span class="c1">----+-------+------------</span>
<span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">peter</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">peter</span><span class="w"> </span><span class="k">data</span>
<span class="p">(</span><span class="mi">1</span><span class="w"> </span><span class="k">row</span><span class="p">)</span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001233761731__p1321623918337">The execution plan of the table query is displayed, indicating that the query of table <strong id="EN-US_TOPIC_0000001233761731__b1767943913718">all_data</strong> is under the row-level access control.</p>
<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233761731__screen09419285310"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal">10</span>
<span class="normal">11</span>
<span class="normal">12</span>
<span class="normal">13</span>
<span class="normal">14</span>
<span class="normal">15</span>
<span class="normal">16</span>
<span class="normal">17</span>
<span class="normal">18</span>
<span class="normal">19</span>
<span class="normal">20</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">EXPLAIN</span><span class="p">(</span><span class="n">COSTS</span><span class="w"> </span><span class="k">OFF</span><span class="p">)</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">all_data</span><span class="p">;</span>
<span class="w"> </span><span class="n">QUERY</span><span class="w"> </span><span class="n">PLAN</span>
<span class="c1">----------------------------------------------------------------</span>
<span class="w"> </span><span class="n">id</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="k">operation</span>
<span class="w"> </span><span class="c1">----+------------------------------</span>
<span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">-&gt;</span><span class="w"> </span><span class="n">Streaming</span><span class="w"> </span><span class="p">(</span><span class="k">type</span><span class="p">:</span><span class="w"> </span><span class="n">GATHER</span><span class="p">)</span>
<span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="o">-&gt;</span><span class="w"> </span><span class="n">Seq</span><span class="w"> </span><span class="n">Scan</span><span class="w"> </span><span class="k">on</span><span class="w"> </span><span class="n">all_data</span>
<span class="w"> </span><span class="n">Predicate</span><span class="w"> </span><span class="n">Information</span><span class="w"> </span><span class="p">(</span><span class="n">identified</span><span class="w"> </span><span class="k">by</span><span class="w"> </span><span class="n">plan</span><span class="w"> </span><span class="n">id</span><span class="p">)</span>
<span class="w"> </span><span class="c1">--------------------------------------------------------------</span>
<span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="c1">--Seq Scan on all_data</span>
<span class="w"> </span><span class="n">Filter</span><span class="p">:</span><span class="w"> </span><span class="p">((</span><span class="k">role</span><span class="p">)::</span><span class="n">name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s1">'peter'</span><span class="p">::</span><span class="n">name</span><span class="p">)</span>
<span class="w"> </span><span class="n">Notice</span><span class="p">:</span><span class="w"> </span><span class="n">This</span><span class="w"> </span><span class="n">query</span><span class="w"> </span><span class="k">is</span><span class="w"> </span><span class="n">influenced</span><span class="w"> </span><span class="k">by</span><span class="w"> </span><span class="k">row</span><span class="w"> </span><span class="k">level</span><span class="w"> </span><span class="k">security</span><span class="w"> </span><span class="n">feature</span>
<span class="w"> </span><span class="o">======</span><span class="w"> </span><span class="n">Query</span><span class="w"> </span><span class="n">Summary</span><span class="w"> </span><span class="o">=====</span>
<span class="w"> </span><span class="c1">-------------------------------</span>
<span class="w"> </span><span class="k">System</span><span class="w"> </span><span class="n">available</span><span class="w"> </span><span class="n">mem</span><span class="p">:</span><span class="w"> </span><span class="mi">4833280</span><span class="n">KB</span>
<span class="w"> </span><span class="n">Query</span><span class="w"> </span><span class="k">Max</span><span class="w"> </span><span class="n">mem</span><span class="p">:</span><span class="w"> </span><span class="mi">4833280</span><span class="n">KB</span>
<span class="w"> </span><span class="n">Query</span><span class="w"> </span><span class="n">estimated</span><span class="w"> </span><span class="n">mem</span><span class="p">:</span><span class="w"> </span><span class="mi">1024</span><span class="n">KB</span>
<span class="p">(</span><span class="mi">16</span><span class="w"> </span><span class="k">rows</span><span class="p">)</span>
</pre></div></td></tr></table></div>
</div>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="dws_04_0994.html">Sensitive Data Management</a></div>
</div>
</div>
View Git Blame Copy Permalink