ALTER ACCESS POLICY
Performs one of the following actions on existing access policies:
- Modify an access policy by changing its expression, and by enabling/disabling the policy.
- Copy an access policy from one table to another.
Syntax
Modify policy
ALTER ACCESS POLICY ON [[database.]schema.]table { FOR COLUMN column [ expression ] | FOR ROWS [ WHERE expression ] } { GRANT TRUSTED } { ENABLE | DISABLE }
Copy policy
ALTER ACCESS POLICY ON [[database.]schema.]table { FOR COLUMN column | FOR ROWS } COPY TO TABLE table;
Parameters
|
Database and schema. The default schema is |
table
|
The name of the table that contains the access policy you want to enable, disable, or copy. |
FOR COLUMN column [expression]
|
Replaces the access policy expression that was previously set for this column. Omit expression from the |
FOR ROWS [WHERE expression]
|
Replaces the row access policy expression that was previously set for this table. Omit |
|
Specifies that GRANT statements take precedence over the access policy in determining whether users can perform DML operations on the target table. If omitted, users can only modify table data if the access policy allows them to see the stored data in its original, unaltered state. For more information, see Access Policies and DML Operations.
GRANT TRUSTED only affects DML operations and does not enable users to see data that the access policy would otherwise mask. Specifying this option may allow users with certain grants to update data that they cannot see.
|
ENABLE | DISABLE
|
Indicates whether to enable or disable the access policy at the table level. |
COPY TO TABLE tablename
|
Copies the existing access policy to the specified table. The copied access policy includes its enabled/disabled and GRANT TRUSTED statuses. The following requirements apply:
|
Privileges
Modify Access Policy
Non-superuser: Ownership of the table
Copy Access Policy
Non-superuser: Ownership of the source and destination tables