Policies

You can use policies to provide row-level security (RLS) in HEAVY.AI.

CREATE POLICY

CREATE POLICY ON COLUMN table.column TO <name> VALUES ('string', 123, ...);

Create an RLS policy for a user or role (<name>); admin rights are required. All queries on the table for the user or role are automatically filtered to include only rows where the column contains any one of the values from the VALUES clause.

RLS filtering works similarly to a WHERE column = value clause, appended to every query or subquery on the table, would work. If policies on multiple columns in the same table are defined for a user or role, then a row is visible to that user or role if any one or more of the policies matches that row.

DROP POLICY

DROP POLICY ON COLUMN table.column FROM <name>;

Drop an RLS policy for a user or role (<name>); admin rights are required. All values specified for the column by the policy are dropped. Effective values from another policy on an inherited role are not dropped.

SHOW POLICIES

SHOW [EFFECTIVE] POLICIES <name>;

Displays a list of all RLS policies that exist for a user or role. If EFFECTIVE is used, the list also include any policies that exist for all roles that apply to the requested user or role.

Last updated