ALTER POLICY

This page documents the preview version (v2.23). Preview includes features under active development and is for development and testing only. For production, use the stable version (v2024.1). To learn more, see Versioning.

Synopsis

Use the ALTER POLICY statement to change the definition of a row level security policy. It can be used to change the roles that the policy applies to and the USING and CHECK expressions of the policy.

Syntax

alter_policy ::= ALTER POLICY name ON table_name 
                 [ TO { role_name
                        | PUBLIC
                        | CURRENT_USER
                        | SESSION_USER } [ , ... ] ]  
                 [ USING ( using_expression ) ] 
                 [ WITH CHECK ( check_expression ) ]

alter_policy_rename ::= ALTER POLICY name ON table_name RENAME TO 
                        new_name

alter_policy

ALTERPOLICYnameONtable_nameTO,role_namePUBLICCURRENT_USERSESSION_USERUSING(using_expression)WITHCHECK(check_expression)

alter_policy_rename

ALTERPOLICYnameONtable_nameRENAMETOnew_name

Where

  • name is the name of the policy being updated.
  • table_name is the name of the table on which the policy applies.
  • new_name is the new name of the policy.
  • role_name is the role(s) to which the policy applies. Use PUBLIC if the policy should be applied to all roles.
  • using_expression is a SQL conditional expression. Only rows for which the condition returns to true will be visible in a SELECT and available for modification in an UPDATE or DELETE.
  • check_expression is a SQL conditional expression that is used only for INSERT and UPDATE queries. Only rows for which the expression evaluates to true will be allowed in an INSERT or UPDATE. Note that unlike using_expression, this is evaluated against the proposed new contents of the row.

Examples

  • Rename a policy.
yugabyte=# ALTER POLICY p1 ON table_foo RENAME TO p2;
  • Apply policy to all roles.
yugabyte=# ALTER POLICY p1 ON table_foo TO PUBLIC;

See also