mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-11-10 01:25:21 +00:00
SHOW CREATE ROW POLICY now always shows AS permissive/restrictive if there is TO section.
This commit is contained in:
Vitaly Baranov
Vitaly Baranov
parent
3e950d79b3
commit
98e48d7b54
@ -37,8 +37,8 @@ namespace
|
||||
|
||||
if (override_to_roles)
|
||||
policy.to_roles = *override_to_roles;
|
||||
else if (query.roles)
|
||||
policy.to_roles = *query.roles;
|
||||
else if (query.to_roles)
|
||||
policy.to_roles = *query.to_roles;
|
||||
}
|
||||
}
|
||||
|
||||
@ -61,8 +61,8 @@ BlockIO InterpreterCreateRowPolicyQuery::execute()
|
||||
query.replaceEmptyDatabase(getContext()->getCurrentDatabase());
|
||||
|
||||
std::optional<RolesOrUsersSet> roles_from_query;
|
||||
if (query.roles)
|
||||
roles_from_query = RolesOrUsersSet{*query.roles, access_control, getContext()->getUserID()};
|
||||
if (query.to_roles)
|
||||
roles_from_query = RolesOrUsersSet{*query.to_roles, access_control, getContext()->getUserID()};
|
||||
|
||||
if (query.alter)
|
||||
{
|
||||
|
||||
@ -190,9 +190,6 @@ namespace
|
||||
query->names->full_names.emplace_back(policy.getFullName());
|
||||
query->attach = attach_mode;
|
||||
|
||||
if (policy.getKind() != RowPolicyKind::PERMISSIVE)
|
||||
query->kind = policy.getKind();
|
||||
|
||||
for (auto type : collections::range(RowPolicyFilterType::MAX))
|
||||
{
|
||||
const auto & filter = policy.filters[static_cast<size_t>(type)];
|
||||
@ -206,10 +203,11 @@ namespace
|
||||
|
||||
if (!policy.to_roles.empty())
|
||||
{
|
||||
query->kind = policy.getKind();
|
||||
if (attach_mode)
|
||||
query->roles = policy.to_roles.toAST();
|
||||
query->to_roles = policy.to_roles.toAST();
|
||||
else
|
||||
query->roles = policy.to_roles.toASTWithNames(*access_control);
|
||||
query->to_roles = policy.to_roles.toASTWithNames(*access_control);
|
||||
}
|
||||
|
||||
return query;
|
||||
|
||||
@ -156,20 +156,20 @@ void ASTCreateRowPolicyQuery::formatImpl(const FormatSettings & settings, Format
|
||||
if (!new_short_name.empty())
|
||||
formatRenameTo(new_short_name, settings);
|
||||
|
||||
formatForClauses(filters, alter, settings);
|
||||
|
||||
if (kind)
|
||||
formatAsKind(*kind, settings);
|
||||
|
||||
formatForClauses(filters, alter, settings);
|
||||
|
||||
if (roles && (!roles->empty() || alter))
|
||||
formatToRoles(*roles, settings);
|
||||
if (to_roles)
|
||||
formatToRoles(*to_roles, settings);
|
||||
}
|
||||
|
||||
|
||||
void ASTCreateRowPolicyQuery::replaceCurrentUserTag(const String & current_user_name) const
|
||||
{
|
||||
if (roles)
|
||||
roles->replaceCurrentUserTag(current_user_name);
|
||||
if (to_roles)
|
||||
to_roles->replaceCurrentUserTag(current_user_name);
|
||||
}
|
||||
|
||||
void ASTCreateRowPolicyQuery::replaceEmptyDatabase(const String & current_database) const
|
||||
|
||||
@ -39,10 +39,10 @@ public:
|
||||
std::shared_ptr<ASTRowPolicyNames> names;
|
||||
String new_short_name;
|
||||
|
||||
std::optional<RowPolicyKind> kind;
|
||||
std::vector<std::pair<RowPolicyFilterType, ASTPtr>> filters; /// `nullptr` means set to NONE.
|
||||
|
||||
std::shared_ptr<ASTRolesOrUsersSet> roles;
|
||||
std::optional<RowPolicyKind> kind;
|
||||
std::shared_ptr<ASTRolesOrUsersSet> to_roles;
|
||||
|
||||
String getID(char) const override;
|
||||
ASTPtr clone() const override;
|
||||
|
||||
@ -274,8 +274,8 @@ bool ParserCreateRowPolicyQuery::parseImpl(Pos & pos, ASTPtr & node, Expected &
|
||||
break;
|
||||
}
|
||||
|
||||
std::shared_ptr<ASTRolesOrUsersSet> roles;
|
||||
parseToRoles(pos, expected, attach_mode, roles);
|
||||
std::shared_ptr<ASTRolesOrUsersSet> to_roles;
|
||||
parseToRoles(pos, expected, attach_mode, to_roles);
|
||||
|
||||
if (cluster.empty())
|
||||
parseOnCluster(pos, expected, cluster);
|
||||
@ -293,7 +293,7 @@ bool ParserCreateRowPolicyQuery::parseImpl(Pos & pos, ASTPtr & node, Expected &
|
||||
query->new_short_name = std::move(new_short_name);
|
||||
query->kind = kind;
|
||||
query->filters = std::move(filters);
|
||||
query->roles = std::move(roles);
|
||||
query->to_roles = std::move(to_roles);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -42,7 +42,7 @@ def test_create():
|
||||
assert instance.query(
|
||||
"SHOW CREATE USER u2") == "CREATE USER u2 IDENTIFIED WITH sha256_password HOST LOCAL DEFAULT ROLE rx\n"
|
||||
assert instance.query(
|
||||
"SHOW CREATE ROW POLICY p ON mydb.mytable") == "CREATE ROW POLICY p ON mydb.mytable FOR SELECT USING a < 1000 TO u1, u2\n"
|
||||
"SHOW CREATE ROW POLICY p ON mydb.mytable") == "CREATE ROW POLICY p ON mydb.mytable FOR SELECT USING a < 1000 AS permissive TO u1, u2\n"
|
||||
assert instance.query(
|
||||
"SHOW CREATE QUOTA q") == "CREATE QUOTA q FOR INTERVAL 1 hour MAX queries = 100 TO ALL EXCEPT rx\n"
|
||||
assert instance.query("SHOW GRANTS FOR u1") == ""
|
||||
|
||||
@ -292,49 +292,49 @@ def test_dcl_introspection():
|
||||
"default ON mydb.local"])
|
||||
|
||||
assert node.query(
|
||||
"SHOW CREATE POLICY default ON mydb.filtered_table1") == "CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING a = 1 TO default\n"
|
||||
"SHOW CREATE POLICY default ON mydb.filtered_table1") == "CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING a = 1 AS permissive TO default\n"
|
||||
assert node.query(
|
||||
"SHOW CREATE POLICY default ON mydb.filtered_table2") == "CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING ((a + b) < 1) OR ((c - d) > 5) TO default\n"
|
||||
"SHOW CREATE POLICY default ON mydb.filtered_table2") == "CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING ((a + b) < 1) OR ((c - d) > 5) AS permissive TO default\n"
|
||||
assert node.query(
|
||||
"SHOW CREATE POLICY default ON mydb.filtered_table3") == "CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING c = 1 TO default\n"
|
||||
"SHOW CREATE POLICY default ON mydb.filtered_table3") == "CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING c = 1 AS permissive TO default\n"
|
||||
assert node.query(
|
||||
"SHOW CREATE POLICY default ON mydb.local") == "CREATE ROW POLICY default ON mydb.local FOR SELECT USING 1 TO default\n"
|
||||
"SHOW CREATE POLICY default ON mydb.local") == "CREATE ROW POLICY default ON mydb.local FOR SELECT USING 1 AS permissive TO default\n"
|
||||
|
||||
assert node.query("SHOW CREATE POLICY default") == TSV(
|
||||
["CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING a = 1 TO default",
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING ((a + b) < 1) OR ((c - d) > 5) TO default",
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING c = 1 TO default",
|
||||
"CREATE ROW POLICY default ON mydb.local FOR SELECT USING 1 TO default"])
|
||||
["CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING a = 1 AS permissive TO default",
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING ((a + b) < 1) OR ((c - d) > 5) AS permissive TO default",
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING c = 1 AS permissive TO default",
|
||||
"CREATE ROW POLICY default ON mydb.local FOR SELECT USING 1 AS permissive TO default"])
|
||||
assert node.query("SHOW CREATE POLICIES ON mydb.filtered_table1") == TSV(
|
||||
["CREATE ROW POLICY another ON mydb.filtered_table1 FOR SELECT USING 1 TO another",
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING a = 1 TO default"])
|
||||
["CREATE ROW POLICY another ON mydb.filtered_table1 FOR SELECT USING 1 AS permissive TO another",
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING a = 1 AS permissive TO default"])
|
||||
assert node.query("SHOW CREATE POLICIES ON mydb.*") == TSV(
|
||||
["CREATE ROW POLICY another ON mydb.filtered_table1 FOR SELECT USING 1 TO another",
|
||||
"CREATE ROW POLICY another ON mydb.filtered_table2 FOR SELECT USING 1 TO another",
|
||||
"CREATE ROW POLICY another ON mydb.filtered_table3 FOR SELECT USING 1 TO another",
|
||||
"CREATE ROW POLICY another ON mydb.local FOR SELECT USING a = 1 TO another",
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING a = 1 TO default",
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING ((a + b) < 1) OR ((c - d) > 5) TO default",
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING c = 1 TO default",
|
||||
"CREATE ROW POLICY default ON mydb.local FOR SELECT USING 1 TO default"])
|
||||
["CREATE ROW POLICY another ON mydb.filtered_table1 FOR SELECT USING 1 AS permissive TO another",
|
||||
"CREATE ROW POLICY another ON mydb.filtered_table2 FOR SELECT USING 1 AS permissive TO another",
|
||||
"CREATE ROW POLICY another ON mydb.filtered_table3 FOR SELECT USING 1 AS permissive TO another",
|
||||
"CREATE ROW POLICY another ON mydb.local FOR SELECT USING a = 1 AS permissive TO another",
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING a = 1 AS permissive TO default",
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING ((a + b) < 1) OR ((c - d) > 5) AS permissive TO default",
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING c = 1 AS permissive TO default",
|
||||
"CREATE ROW POLICY default ON mydb.local FOR SELECT USING 1 AS permissive TO default"])
|
||||
assert node.query("SHOW CREATE POLICIES") == TSV(
|
||||
["CREATE ROW POLICY another ON mydb.filtered_table1 FOR SELECT USING 1 TO another",
|
||||
"CREATE ROW POLICY another ON mydb.filtered_table2 FOR SELECT USING 1 TO another",
|
||||
"CREATE ROW POLICY another ON mydb.filtered_table3 FOR SELECT USING 1 TO another",
|
||||
"CREATE ROW POLICY another ON mydb.local FOR SELECT USING a = 1 TO another",
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING a = 1 TO default",
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING ((a + b) < 1) OR ((c - d) > 5) TO default",
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING c = 1 TO default",
|
||||
"CREATE ROW POLICY default ON mydb.local FOR SELECT USING 1 TO default"])
|
||||
["CREATE ROW POLICY another ON mydb.filtered_table1 FOR SELECT USING 1 AS permissive TO another",
|
||||
"CREATE ROW POLICY another ON mydb.filtered_table2 FOR SELECT USING 1 AS permissive TO another",
|
||||
"CREATE ROW POLICY another ON mydb.filtered_table3 FOR SELECT USING 1 AS permissive TO another",
|
||||
"CREATE ROW POLICY another ON mydb.local FOR SELECT USING a = 1 AS permissive TO another",
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING a = 1 AS permissive TO default",
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING ((a + b) < 1) OR ((c - d) > 5) AS permissive TO default",
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING c = 1 AS permissive TO default",
|
||||
"CREATE ROW POLICY default ON mydb.local FOR SELECT USING 1 AS permissive TO default"])
|
||||
|
||||
expected_access = "CREATE ROW POLICY another ON mydb.filtered_table1 FOR SELECT USING 1 TO another\n" \
|
||||
"CREATE ROW POLICY another ON mydb.filtered_table2 FOR SELECT USING 1 TO another\n" \
|
||||
"CREATE ROW POLICY another ON mydb.filtered_table3 FOR SELECT USING 1 TO another\n" \
|
||||
"CREATE ROW POLICY another ON mydb.local FOR SELECT USING a = 1 TO another\n" \
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING a = 1 TO default\n" \
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING ((a + b) < 1) OR ((c - d) > 5) TO default\n" \
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING c = 1 TO default\n" \
|
||||
"CREATE ROW POLICY default ON mydb.local FOR SELECT USING 1 TO default\n"
|
||||
expected_access = "CREATE ROW POLICY another ON mydb.filtered_table1 FOR SELECT USING 1 AS permissive TO another\n" \
|
||||
"CREATE ROW POLICY another ON mydb.filtered_table2 FOR SELECT USING 1 AS permissive TO another\n" \
|
||||
"CREATE ROW POLICY another ON mydb.filtered_table3 FOR SELECT USING 1 AS permissive TO another\n" \
|
||||
"CREATE ROW POLICY another ON mydb.local FOR SELECT USING a = 1 AS permissive TO another\n" \
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING a = 1 AS permissive TO default\n" \
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING ((a + b) < 1) OR ((c - d) > 5) AS permissive TO default\n" \
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING c = 1 AS permissive TO default\n" \
|
||||
"CREATE ROW POLICY default ON mydb.local FOR SELECT USING 1 AS permissive TO default\n"
|
||||
assert expected_access in node.query("SHOW ACCESS")
|
||||
|
||||
copy_policy_xml('all_rows.xml')
|
||||
@ -342,22 +342,22 @@ def test_dcl_introspection():
|
||||
["another ON mydb.filtered_table1", "another ON mydb.filtered_table2", "another ON mydb.filtered_table3",
|
||||
"default ON mydb.filtered_table1", "default ON mydb.filtered_table2", "default ON mydb.filtered_table3"])
|
||||
assert node.query(
|
||||
"SHOW CREATE POLICY default ON mydb.filtered_table1") == "CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING 1 TO default\n"
|
||||
"SHOW CREATE POLICY default ON mydb.filtered_table1") == "CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING 1 AS permissive TO default\n"
|
||||
assert node.query(
|
||||
"SHOW CREATE POLICY default ON mydb.filtered_table2") == "CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING 1 TO default\n"
|
||||
"SHOW CREATE POLICY default ON mydb.filtered_table2") == "CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING 1 AS permissive TO default\n"
|
||||
assert node.query(
|
||||
"SHOW CREATE POLICY default ON mydb.filtered_table3") == "CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING 1 TO default\n"
|
||||
"SHOW CREATE POLICY default ON mydb.filtered_table3") == "CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING 1 AS permissive TO default\n"
|
||||
|
||||
copy_policy_xml('no_rows.xml')
|
||||
assert node.query("SHOW POLICIES") == TSV(
|
||||
["another ON mydb.filtered_table1", "another ON mydb.filtered_table2", "another ON mydb.filtered_table3",
|
||||
"default ON mydb.filtered_table1", "default ON mydb.filtered_table2", "default ON mydb.filtered_table3"])
|
||||
assert node.query(
|
||||
"SHOW CREATE POLICY default ON mydb.filtered_table1") == "CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING NULL TO default\n"
|
||||
"SHOW CREATE POLICY default ON mydb.filtered_table1") == "CREATE ROW POLICY default ON mydb.filtered_table1 FOR SELECT USING NULL AS permissive TO default\n"
|
||||
assert node.query(
|
||||
"SHOW CREATE POLICY default ON mydb.filtered_table2") == "CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING NULL TO default\n"
|
||||
"SHOW CREATE POLICY default ON mydb.filtered_table2") == "CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING NULL AS permissive TO default\n"
|
||||
assert node.query(
|
||||
"SHOW CREATE POLICY default ON mydb.filtered_table3") == "CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING NULL TO default\n"
|
||||
"SHOW CREATE POLICY default ON mydb.filtered_table3") == "CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING NULL AS permissive TO default\n"
|
||||
|
||||
copy_policy_xml('no_filters.xml')
|
||||
assert node.query("SHOW POLICIES") == ""
|
||||
@ -382,7 +382,7 @@ def test_dcl_management():
|
||||
assert node.query("SELECT * FROM mydb.filtered_table1") == TSV([[1, 0]])
|
||||
assert node.query("SHOW POLICIES ON mydb.filtered_table1") == "pB\n"
|
||||
assert node.query(
|
||||
"SHOW CREATE POLICY pB ON mydb.filtered_table1") == "CREATE ROW POLICY pB ON mydb.filtered_table1 FOR SELECT USING a > b TO default\n"
|
||||
"SHOW CREATE POLICY pB ON mydb.filtered_table1") == "CREATE ROW POLICY pB ON mydb.filtered_table1 FOR SELECT USING a > b AS permissive TO default\n"
|
||||
|
||||
node.query("DROP POLICY pB ON mydb.filtered_table1")
|
||||
assert node.query("SELECT * FROM mydb.filtered_table1") == TSV([[0, 0], [0, 1], [1, 0], [1, 1]])
|
||||
@ -448,10 +448,10 @@ def test_tags_with_db_and_table_names():
|
||||
assert node.query("SELECT * FROM mydb.`.filtered_table4`") == TSV([[1, 1]])
|
||||
|
||||
assert node.query("SHOW CREATE POLICIES default") == TSV(
|
||||
["CREATE ROW POLICY default ON mydb.`.filtered_table4` FOR SELECT USING c = 2 TO default",
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING c > (d + 5) TO default",
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING c = 0 TO default",
|
||||
"CREATE ROW POLICY default ON mydb.table FOR SELECT USING a = 0 TO default"])
|
||||
["CREATE ROW POLICY default ON mydb.`.filtered_table4` FOR SELECT USING c = 2 AS permissive TO default",
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table2 FOR SELECT USING c > (d + 5) AS permissive TO default",
|
||||
"CREATE ROW POLICY default ON mydb.filtered_table3 FOR SELECT USING c = 0 AS permissive TO default",
|
||||
"CREATE ROW POLICY default ON mydb.table FOR SELECT USING a = 0 AS permissive TO default"])
|
||||
|
||||
|
||||
def test_miscellaneous_engines():
|
||||
|
||||
@ -7,28 +7,28 @@ CREATE ROW POLICY p3_01295 ON db.table
|
||||
CREATE ROW POLICY p2_01295_renamed ON db.table
|
||||
-- filter
|
||||
CREATE ROW POLICY p1_01295 ON db.table FOR SELECT USING (a < b) AND (c > d)
|
||||
CREATE ROW POLICY p2_01295 ON db.table AS restrictive FOR SELECT USING id = currentUser()
|
||||
CREATE ROW POLICY p2_01295 ON db.table FOR SELECT USING id = currentUser()
|
||||
CREATE ROW POLICY p3_01295 ON db.table FOR SELECT USING 1
|
||||
CREATE ROW POLICY p1_01295 ON db.table AS restrictive FOR SELECT USING 0
|
||||
CREATE ROW POLICY p1_01295 ON db.table FOR SELECT USING 0
|
||||
-- to roles
|
||||
CREATE ROW POLICY p1_01295 ON db.table
|
||||
CREATE ROW POLICY p2_01295 ON db.table TO ALL
|
||||
CREATE ROW POLICY p3_01295 ON db.table TO r1_01295
|
||||
CREATE ROW POLICY p4_01295 ON db.table TO u1_01295
|
||||
CREATE ROW POLICY p5_01295 ON db.table TO r1_01295, u1_01295
|
||||
CREATE ROW POLICY p6_01295 ON db.table TO ALL EXCEPT r1_01295
|
||||
CREATE ROW POLICY p7_01295 ON db.table TO ALL EXCEPT r1_01295, u1_01295
|
||||
CREATE ROW POLICY p1_01295 ON db.table TO u1_01295
|
||||
CREATE ROW POLICY p2_01295 ON db.table AS permissive TO ALL
|
||||
CREATE ROW POLICY p3_01295 ON db.table AS permissive TO r1_01295
|
||||
CREATE ROW POLICY p4_01295 ON db.table AS permissive TO u1_01295
|
||||
CREATE ROW POLICY p5_01295 ON db.table AS permissive TO r1_01295, u1_01295
|
||||
CREATE ROW POLICY p6_01295 ON db.table AS permissive TO ALL EXCEPT r1_01295
|
||||
CREATE ROW POLICY p7_01295 ON db.table AS permissive TO ALL EXCEPT r1_01295, u1_01295
|
||||
CREATE ROW POLICY p1_01295 ON db.table AS permissive TO u1_01295
|
||||
CREATE ROW POLICY p2_01295 ON db.table
|
||||
-- multiple policies in one command
|
||||
CREATE ROW POLICY p1_01295 ON db.table FOR SELECT USING 1
|
||||
CREATE ROW POLICY p2_01295 ON db.table FOR SELECT USING 1
|
||||
CREATE ROW POLICY p3_01295 ON db.table TO u1_01295
|
||||
CREATE ROW POLICY p3_01295 ON db2.table2 TO u1_01295
|
||||
CREATE ROW POLICY p3_01295 ON db.table AS permissive TO u1_01295
|
||||
CREATE ROW POLICY p3_01295 ON db2.table2 AS permissive TO u1_01295
|
||||
CREATE ROW POLICY p4_01295 ON db.table FOR SELECT USING a = b
|
||||
CREATE ROW POLICY p5_01295 ON db2.table2 FOR SELECT USING a = b
|
||||
CREATE ROW POLICY p1_01295 ON db.table FOR SELECT USING 1 TO ALL
|
||||
CREATE ROW POLICY p2_01295 ON db.table FOR SELECT USING 1 TO ALL
|
||||
CREATE ROW POLICY p1_01295 ON db.table FOR SELECT USING 1 AS permissive TO ALL
|
||||
CREATE ROW POLICY p2_01295 ON db.table FOR SELECT USING 1 AS permissive TO ALL
|
||||
-- system.row_policies
|
||||
p1_01295 ON db.table p1_01295 db table local directory (a < b) AND (c > d) permissive 0 [] []
|
||||
p2_01295 ON db.table p2_01295 db table local directory id = currentUser() restrictive 0 ['u1_01295'] []
|
||||
|
||||
@ -6,15 +6,15 @@ CREATE ROW POLICY p1_01296 ON db_01296.table FOR SELECT USING 1
|
||||
-- multiple policies
|
||||
CREATE ROW POLICY p1_01296 ON db_01296.table FOR SELECT USING 1
|
||||
CREATE ROW POLICY p2_01296 ON db_01296.table FOR SELECT USING 1
|
||||
CREATE ROW POLICY p3_01296 ON db_01296.table TO u1_01296
|
||||
CREATE ROW POLICY p3_01296 ON db_01296.table2 TO u1_01296
|
||||
CREATE ROW POLICY p3_01296 ON db_01296.table AS permissive TO u1_01296
|
||||
CREATE ROW POLICY p3_01296 ON db_01296.table2 AS permissive TO u1_01296
|
||||
CREATE ROW POLICY p4_01296 ON db_01296.table FOR SELECT USING a = b
|
||||
CREATE ROW POLICY p5_01296 ON db_01296.table2 FOR SELECT USING a = b
|
||||
CREATE ROW POLICY p1_01296 ON db_01296.table FOR SELECT USING 1
|
||||
CREATE ROW POLICY p2_01296 ON db_01296.table FOR SELECT USING 1
|
||||
CREATE ROW POLICY p3_01296 ON db_01296.table TO u1_01296
|
||||
CREATE ROW POLICY p3_01296 ON db_01296.table2 TO u1_01296
|
||||
CREATE ROW POLICY p3_01296 ON db_01296.table AS permissive TO u1_01296
|
||||
CREATE ROW POLICY p3_01296 ON db_01296.table2 AS permissive TO u1_01296
|
||||
CREATE ROW POLICY p4_01296 ON db_01296.table FOR SELECT USING a = b
|
||||
CREATE ROW POLICY p5_01296 ON db_01296.table2 FOR SELECT USING a = b
|
||||
CREATE ROW POLICY p1_01296 ON db_01296.table FOR SELECT USING 1 TO ALL
|
||||
CREATE ROW POLICY p2_01296 ON db_01296.table FOR SELECT USING 1 TO ALL
|
||||
CREATE ROW POLICY p1_01296 ON db_01296.table FOR SELECT USING 1 AS permissive TO ALL
|
||||
CREATE ROW POLICY p2_01296 ON db_01296.table FOR SELECT USING 1 AS permissive TO ALL
|
||||
|
||||
Loading…
Reference in New Issue
Block a user