SQL Block Rule

Support SQL block rule by user level, by regex way to deny specify SQL

Rule

SQL block rule CRUD

  • create SQL block rule
    • sql:Regex pattern,Special characters need to be translated
    • sqlHash: Sql hash value, Used to match exactly, We print it in fe.audit.log
    • global: Whether global(all users)is in effect, false by default
    • enable:Whether to enable block rule,true by default
  1. CREATE SQL_BLOCK_RULE test_rule PROPERTIES("sql"="select \\* from test_table","sqlHash":null,"global"="false","enable"="true")
  • show configured SQL block rules, or show all rules if you do not specify a rule name
  1. SHOW SQL_BLOCK_RULE [FOR RULE_NAME]
  • alter SQL block rule,Allows changes sql/global/enable anyone
  1. ALTER SQL_BLOCK_RULE test_rule PROPERTIES("sql"="select \\* from test_table","enable"="true")
  • drop SQL block rule,Support multiple rules, separated by ,
  1. DROP SQL_BLOCK_RULE test_rule1,test_rule2

User bind rules

If global=false is configured, the rules binding for the specified user needs to be configured, with multiple rules separated by ‘, ‘

  1. SET PROPERTY [FOR 'jack'] 'sql_block_rules' = 'test_rule1,test_rule2'