ALTER POLICY

Synopsis

Use the ALTER POLICY statement to change the definition of an existing row level security policy. It can be used tochange the roles that the policy applies to and the USING and CHECK expressions of the policy.

Syntax

  1. alter_policy ::= ALTER POLICY name ON table_name 
  2.                  [ TO { role_name
  3.                         | PUBLIC
  4.                         | CURRENT_USER
  5.                         | SESSION_USER } [ , ... ] ] 
  6.                  [ USING ( using_expression ) ] 
  7.                  [ WITH CHECK ( check_expression ) ]
  9. alter_policy_rename ::= ALTER POLICY name ON table_name RENAME TO 
  10.                         new_name

alter_policy

ALTER POLICY - 图1

alter_policy_rename

ALTER POLICY - 图2

Where

  • name is the name of the policy being updated.
  • table_name is the name of the table on which the policy applies.
  • new_name is the new name of the policy.
  • role_name is the role(s) to which the policy applies. Use PUBLIC if the policy should beapplied to all roles.
  • using_expression is a SQL conditional expression. Only rows for which the condition returns totrue will be visible in a SELECT and available for modification in an UPDATE or DELETE.
  • check_expression is a SQL conditional expression that is used only for INSERT and UPDATEqueries. Only rows for which the expression evaluates to true will be allowed in an INSERT orUPDATE. Note that unlike using_expression, this is evaluated against the proposed new contentsof the row.

Examples

  • Rename a policy.
  1. yugabyte=# ALTER POLICY p1 ON table_foo RENAME TO p2;
  • Apply policy to all roles.
  1. yugabyte=# ALTER POLICY p1 ON table_foo TO PUBLIC;

See also