vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/dws/dev/dws_06_0135.html
Lu, Huayi e6fa411af0 DWS DEV 830.201 version 
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Co-authored-by: Lu, Huayi <luhuayi@huawei.com>
Co-committed-by: Lu, Huayi <luhuayi@huawei.com>
2024-05-16 07:24:04 +00:00

81 lines
15 KiB
HTML
Raw Blame History

<a name="EN-US_TOPIC_0000001233510127"></a><a name="EN-US_TOPIC_0000001233510127"></a>
<h1 class="topictitle1">ALTER ROW LEVEL SECURITY POLICY</h1>
<div id="body1560407392208"><div class="section" id="EN-US_TOPIC_0000001233510127__section196521854173211"><h4 class="sectiontitle">Function</h4><p id="EN-US_TOPIC_0000001233510127__p9688122114409"><strong id="EN-US_TOPIC_0000001233510127__b14407714412">ALTER ROW LEVEL SECURITY POLICY</strong> modifies an existing row-level access control policy, including the policy name and the users and expressions affected by the policy.</p>
</div>
<div class="section" id="EN-US_TOPIC_0000001233510127__section12765201893310"><h4 class="sectiontitle">Precautions</h4><p id="EN-US_TOPIC_0000001233510127__p4506162315333">Only the table owner or administrators can perform this operation.</p>
</div>
<div class="section" id="EN-US_TOPIC_0000001233510127__section16798192723415"><h4 class="sectiontitle">Syntax</h4><div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233510127__s406f02107ea34794962476b1aeb9cde9"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span>
<span class="normal">5</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">ALTER</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="k">ROW</span><span class="w"> </span><span class="k">LEVEL</span><span class="w"> </span><span class="k">SECURITY</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="n">POLICY</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="k">IF</span><span class="w"> </span><span class="k">EXISTS</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="n">policy_name</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="k">table_name</span><span class="w"> </span><span class="k">RENAME</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">new_policy_name</span>
<span class="k">ALTER</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="k">ROW</span><span class="w"> </span><span class="k">LEVEL</span><span class="w"> </span><span class="k">SECURITY</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="n">POLICY</span><span class="w"> </span><span class="n">policy_name</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="k">table_name</span>
<span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="err">{</span><span class="w"> </span><span class="n">role_name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="k">PUBLIC</span><span class="w"> </span><span class="err">}</span><span class="w"> </span><span class="p">[,</span><span class="w"> </span><span class="p">...]</span><span class="w"> </span><span class="p">]</span>
<span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="k">USING</span><span class="w"> </span><span class="p">(</span><span class="w"> </span><span class="n">using_expression</span><span class="w"> </span><span class="p">)</span><span class="w"> </span><span class="p">]</span>
</pre></div></td></tr></table></div>
</div>
</div>
<div class="section" id="EN-US_TOPIC_0000001233510127__section11851526346"><h4 class="sectiontitle">Parameter Description</h4><ul id="EN-US_TOPIC_0000001233510127__ul1797082105710"><li id="EN-US_TOPIC_0000001233510127__l10d04a708e44432c8552ce5ae19edc79"><strong id="EN-US_TOPIC_0000001233510127__b6885143818182">policy_name</strong><p id="EN-US_TOPIC_0000001233510127__aa7b5db6826fb4cb2b492870e9a57f6e9">Specifies the name of a row-level access control policy to be modified.</p>
</li><li id="EN-US_TOPIC_0000001233510127__ld8389117085641808615b13f1a9db00e"><strong id="EN-US_TOPIC_0000001233510127__b3699184141811">table_name</strong><p id="EN-US_TOPIC_0000001233510127__a618a27d6c2d648e488b84233937ff15c">Specifies the name of a table to which a row-level access control policy is applied.</p>
</li><li id="EN-US_TOPIC_0000001233510127__li16319425124416"><strong id="EN-US_TOPIC_0000001233510127__b491154412187">new_policy_name</strong><p id="EN-US_TOPIC_0000001233510127__p52581226154415">Specifies the new name of a row-level access control policy.</p>
</li><li id="EN-US_TOPIC_0000001233510127__li514025194412"><strong id="EN-US_TOPIC_0000001233510127__b13325114811187">role_name</strong><p id="EN-US_TOPIC_0000001233510127__p1214035154417">Specifies names of users affected by a row-level access control policy will be applied. <strong id="EN-US_TOPIC_0000001233510127__b1876615590451">PUBLIC</strong> indicates that the row-level access control policy will affect all users.</p>
</li><li id="EN-US_TOPIC_0000001233510127__li12432161113234"><strong id="EN-US_TOPIC_0000001233510127__b336895114181">using_expression</strong><p id="EN-US_TOPIC_0000001233510127__p194321011172315">Specifies an expression defined for a row-level access control policy. The return value is of the boolean type.</p>
</li></ul>
</div>
<div class="section" id="EN-US_TOPIC_0000001233510127__section17979101023515"><h4 class="sectiontitle">Examples</h4><p id="EN-US_TOPIC_0000001233510127__p17139105484616">Create example users <strong id="EN-US_TOPIC_0000001233510127__b1086118266301">role_a</strong> and <strong id="EN-US_TOPIC_0000001233510127__b89745291308">role_b</strong>.</p>
<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233510127__screen329014393515"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">role_a</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{Password}'</span><span class="p">;</span>
<span class="k">CREATE</span><span class="w"> </span><span class="k">ROLE</span><span class="w"> </span><span class="n">role_b</span><span class="w"> </span><span class="n">PASSWORD</span><span class="w"> </span><span class="s1">'{Password}'</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001233510127__p12139135404620">Create example data table <strong id="EN-US_TOPIC_0000001233510127__b528612543114">public.all_data_t</strong> and insert data into it.</p>
<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233510127__screen155040512544"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="k">public</span><span class="p">.</span><span class="n">all_data_t</span><span class="p">(</span><span class="n">id</span><span class="w"> </span><span class="nb">int</span><span class="p">,</span><span class="w"> </span><span class="k">role</span><span class="w"> </span><span class="nb">varchar</span><span class="p">(</span><span class="mi">100</span><span class="p">),</span><span class="w"> </span><span class="k">data</span><span class="w"> </span><span class="nb">varchar</span><span class="p">(</span><span class="mi">100</span><span class="p">));</span>
<span class="k">INSERT</span><span class="w"> </span><span class="k">INTO</span><span class="w"> </span><span class="n">all_data_t</span><span class="w"> </span><span class="k">VALUES</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="s1">'role_a'</span><span class="p">,</span><span class="w"> </span><span class="s1">'r_a_data'</span><span class="p">);</span>
<span class="k">INSERT</span><span class="w"> </span><span class="k">INTO</span><span class="w"> </span><span class="n">all_data_t</span><span class="w"> </span><span class="k">VALUES</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span><span class="w"> </span><span class="s1">'role_b'</span><span class="p">,</span><span class="w"> </span><span class="s1">'r_b_data'</span><span class="p">);</span>
<span class="k">INSERT</span><span class="w"> </span><span class="k">INTO</span><span class="w"> </span><span class="n">all_data_t</span><span class="w"> </span><span class="k">VALUES</span><span class="p">(</span><span class="mi">3</span><span class="p">,</span><span class="w"> </span><span class="s1">'role_c'</span><span class="p">,</span><span class="w"> </span><span class="s1">'r_c_data'</span><span class="p">);</span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001233510127__p14137165434613">Create a row-level access control policy.</p>
<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233510127__screen42731683586"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">CREATE</span><span class="w"> </span><span class="k">ROW</span><span class="w"> </span><span class="k">LEVEL</span><span class="w"> </span><span class="k">SECURITY</span><span class="w"> </span><span class="n">POLICY</span><span class="w"> </span><span class="n">all_data_t_rls</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">all_data_t</span><span class="w"> </span><span class="k">USING</span><span class="p">(</span><span class="k">role</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">CURRENT_USER</span><span class="p">);</span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001233510127__p78971615372">Enable row-level access control.</p>
<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233510127__screen6829643143711"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">ALTER</span><span class="w"> </span><span class="k">TABLE</span><span class="w"> </span><span class="n">all_data_t</span><span class="w"> </span><span class="n">ENABLE</span><span class="w"> </span><span class="k">ROW</span><span class="w"> </span><span class="k">LEVEL</span><span class="w"> </span><span class="k">SECURITY</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001233510127__p78911161372">Change the name of the <strong id="EN-US_TOPIC_0000001233510127__b34290802833423">all_data_rls</strong> policy.</p>
<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233510127__screen393653203818"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">ALTER</span><span class="w"> </span><span class="k">ROW</span><span class="w"> </span><span class="k">LEVEL</span><span class="w"> </span><span class="k">SECURITY</span><span class="w"> </span><span class="n">POLICY</span><span class="w"> </span><span class="n">all_data_t_rls</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">all_data_t</span><span class="w"> </span><span class="k">RENAME</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">all_data_t_newrls</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001233510127__p18919164372">Change the users affected by the row-level access control policy.</p>
<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233510127__screen2619151943816"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">ALTER</span><span class="w"> </span><span class="k">ROW</span><span class="w"> </span><span class="k">LEVEL</span><span class="w"> </span><span class="k">SECURITY</span><span class="w"> </span><span class="n">POLICY</span><span class="w"> </span><span class="n">all_data_t_newrls</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">all_data_t</span><span class="w"> </span><span class="k">TO</span><span class="w"> </span><span class="n">role_a</span><span class="p">,</span><span class="w"> </span><span class="n">role_b</span><span class="p">;</span>
</pre></div></td></tr></table></div>
</div>
<p id="EN-US_TOPIC_0000001233510127__p1188121683711">Modify the expression defined for the access control policy.</p>
<div class="codecoloring" codetype="Sql" id="EN-US_TOPIC_0000001233510127__screen8401164315385"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span></pre></div></td><td class="code"><div><pre><span></span><span class="k">ALTER</span><span class="w"> </span><span class="k">ROW</span><span class="w"> </span><span class="k">LEVEL</span><span class="w"> </span><span class="k">SECURITY</span><span class="w"> </span><span class="n">POLICY</span><span class="w"> </span><span class="n">all_data_t_newrls</span><span class="w"> </span><span class="k">ON</span><span class="w"> </span><span class="n">all_data_t</span><span class="w"> </span><span class="k">USING</span><span class="w"> </span><span class="p">(</span><span class="n">id</span><span class="w"> </span><span class="o">&gt;</span><span class="w"> </span><span class="mi">100</span><span class="w"> </span><span class="k">AND</span><span class="w"> </span><span class="k">role</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">current_user</span><span class="p">);</span>
</pre></div></td></tr></table></div>
</div>
</div>
<div class="section" id="EN-US_TOPIC_0000001233510127__section1426016489355"><h4 class="sectiontitle">Helpful Links</h4><p id="EN-US_TOPIC_0000001233510127__p9325125517354"><a href="dws_06_0169.html">CREATE ROW LEVEL SECURITY POLICY</a>, <a href="dws_06_0200.html">DROP ROW LEVEL SECURITY POLICY</a></p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="dws_06_0118.html">DDL Syntax</a></div>
</div>
</div>
View Git Blame Copy Permalink