SQL - CREATE SECURITY POLICY
Creates a security policy that can be bound to one or more security resources, for one or more roles.
A security resource is a set of SQL predicates, associated to basic operations (eg. CREATE, READ and so on), that are evaluated for each record to determine if the operation is allowed or not.
Syntax
CREATE SECURITY POLICY <name>
[
SET
( [CREATE | READ | BEFORE UPDATE | AFTER UPDATE | DELETE | EXECUTE] = (<sqlPredicate>) )*
<name>
The security policy name. It is used in the GRANT statement to bind it to a role and a resource<sqlPredicate>
a valid SQL predicate
Examples
-
Create an empty policy
CREATE SECURITY POLICY foo
-
Create a security policy with all the predicates defined:
CREATE SECURITY POLICY foo SET CREATE = (name = 'foo'), READ = (TRUE), BEFORE UPDATE = (name = 'foo'), AFTER UPDATE = (name = 'foo'), DELETE = (name = 'foo'), EXECUTE = (name = 'foo')
For more information, see