ALTER POLICY
This page documents the preview version (v2.21). Preview includes features under active development and is for development and testing only. For production, use the stable version (v2024.1). To learn more, see Versioning.
Synopsis
Use the ALTER POLICY
statement to change the definition of a row level security policy. It can be used to
change the roles that the policy applies to and the USING
and CHECK
expressions of the policy.
Syntax
alter_policy ::= ALTER POLICY name ON table_name
[ TO { role_name
| PUBLIC
| CURRENT_USER
| SESSION_USER } [ , ... ] ]
[ USING ( using_expression ) ]
[ WITH CHECK ( check_expression ) ]
alter_policy_rename ::= ALTER POLICY name ON table_name RENAME TO
new_name
Where
name
is the name of the policy being updated.table_name
is the name of the table on which the policy applies.new_name
is the new name of the policy.role_name
is the role(s) to which the policy applies. UsePUBLIC
if the policy should be applied to all roles.using_expression
is a SQL conditional expression. Only rows for which the condition returns to true will be visible in aSELECT
and available for modification in anUPDATE
orDELETE
.check_expression
is a SQL conditional expression that is used only forINSERT
andUPDATE
queries. Only rows for which the expression evaluates to true will be allowed in anINSERT
orUPDATE
. Note that unlikeusing_expression
, this is evaluated against the proposed new contents of the row.
Examples
- Rename a policy.
yugabyte=# ALTER POLICY p1 ON table_foo RENAME TO p2;
- Apply policy to all roles.
yugabyte=# ALTER POLICY p1 ON table_foo TO PUBLIC;