跳到主要内容

CREATE ROW POLICY

描述

创建行安全策略,Explain 可以查看改写后的执行计划。

语法

CREATE ROW POLICY [ IF NOT EXISTS ] <policy_name> 
ON <table_name> 
AS { RESTRICTIVE | PERMISSIVE } 
TO { <user_name> | ROLE <role_name> } 
USING (<filter>);

必选参数

  1. <policy_name>: 行安全策略名称

  2. <table_name>: 表名称

  3. <filter_type>: RESTRICTIVE 将一组策略通过 AND 连接,PERMISSIVE 将一组策略通过 OR 连接

  4. <filter>: 相当于查询语句的过滤条件,例如:id=1

可选参数

  1. <user_name>: 用户名称,不允许对 root 和 admin 用户创建

  2. <role_name>: 角色名称

权限控制

执行此 SQL 命令的用户必须至少具有以下权限:

权限(Privilege)对象(Object)说明(Notes)
ADMIN_PRIV 或 GRANT_PRIV全局

示例

  1. 创建一组行安全策略

    CREATE ROW POLICY test_row_policy_1 ON test.table1 
    AS RESTRICTIVE TO test USING (c1 = 'a');
    CREATE ROW POLICY test_row_policy_2 ON test.table1 
    AS RESTRICTIVE TO test USING (c2 = 'b');
    CREATE ROW POLICY test_row_policy_3 ON test.table1 
    AS PERMISSIVE TO test USING (c3 = 'c');
    CREATE ROW POLICY test_row_policy_3 ON test.table1 
    AS PERMISSIVE TO test USING (c4 = 'd');

    当我们执行对 table1 的查询时被改写后的 sql 为

    SELECT * FROM (SELECT * FROM table1 WHERE c1 = 'a' AND c2 = 'b' OR c3 = 'c' OR c4 = 'd')
Report issue
ASF
Resources
Community
Join the community
Copyright © 2024 The Apache Software Foundation,Licensed under the Apache License, Version 2.0. Apache, Doris, Apache Doris, the Apache feather logo and the Apache Doris logo are trademarks of The Apache Software Foundation.