...
2. Policy
Code Block |
---|
KW_CREATE opt_policy_typeident:type KW_POLICY opt_if_not_exists:ifNotExists ident:policyName KW_ON table_name:tbl KW_AS ident:filterType KW_TO user_identity:user KW_USING LPAREN expr:wherePredicate RPAREN {: RESULT = new CreatePolicyStmt(type, ifNotExists, policyName, tbl, filterType, user, wherePredicate); :} |
1. When a table has multiple policies, their wherePredicates are merged according to filterType (RESTRICTIVE | PERMISSIVE)
CREATE ROW POLICY test_row_policy_1 ON test.table1 AS RESTRICTIVE TO root USING (id in (1, 2));
CREATE ROW POLICY test_row_policy_2 ON test.table1 AS PERMISSIVE TO root USING (col1='col1_1');
CREATE ROW POLICY test_row_policy_3 ON test.table1 AS RESTRICTIVE TO root USING (col2='col2_1');
CREATE ROW POLICY test_row_policy_4 ON test.table1 AS RESTRICTIVE TO root USING (col3='col3_1');
→ POLICY.wherePredicate=wherePredicate:(id in (1, 2) and col1='col1_1' and ) or col2='col2_1' or col3='col3_1', PERMISSIVE or RESTRICTIVE depends on the last policy
...
3. StmtWrite
1. Match SelectStmt/SetOperationStmt (union)
2. Replace each TableRef in the fromClause that matches a policy with an InlineViewRef; the InlineViewRef's QueryStmt uses the policy's wherePredicate
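
The rewrite described in these two steps, as an added Python sketch checked against SQLite (not the project's code). The tuple statement format, `rewrite`, `run`, the sample rows and the user `other_user` are assumptions, and the table is named `table1` without the `test.` prefix.

```python
import sqlite3

# Constructed policy store: (table, user) -> wherePredicate. One policy per
# table, so nothing is assumed about how several policies are merged.
POLICIES = {("table1", "root"): "id in (1, 2)"}

# Toy statement trees (assumed format, not the project's classes):
#   ("select", columns, [(table, alias), ...], where or None)
#   ("union", [stmt, ...])   stands in for SetOperationStmt
SELECT_STMT = ("select", "t.id, t.col1", [("table1", "t")],
               "t.col1 = 'col1_1' OR t.id = 3")
UNION_STMT = ("union", [
    ("select", "t.id", [("table1", "t")], None),
    ("select", "t.id + 10", [("table1", "t")], "t.id > 1"),
])

def rewrite(stmt, user):
    """Render stmt as SQL, wrapping every table ref that has a policy."""
    if stmt[0] == "union":
        # Each operand is rewritten on its own, as for a plain select.
        return " UNION ".join(rewrite(s, user) for s in stmt[1])
    _, cols, refs, where = stmt
    from_items = []
    for table, alias in refs:
        pred = POLICIES.get((table, user))
        if pred is None:
            from_items.append(f"{table} AS {alias}")
        else:
            # Inline view: the policy predicate is applied before the outer
            # WHERE, and the alias is kept so column references resolve.
            from_items.append(f"(SELECT * FROM {table} WHERE {pred}) AS {alias}")
    sql = f"SELECT {cols} FROM {', '.join(from_items)}"
    return sql + (f" WHERE {where}" if where else "")

def run(stmt, user):
    """Execute the rewritten statement on constructed rows in SQLite."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE table1 (id INT, col1 TEXT)")
    db.executemany("INSERT INTO table1 VALUES (?, ?)",
                   [(1, "col1_1"), (2, "col1_2"), (3, "col1_1")])
    return sorted(db.execute(rewrite(stmt, user)).fetchall())

if __name__ == "__main__":
    print(rewrite(SELECT_STMT, "root"))
    print(run(SELECT_STMT, "root"), run(SELECT_STMT, "other_user"))
    print(run(UNION_STMT, "root"))
```

Because the predicate sits inside the inline view, the `OR t.id = 3` in the outer WHERE only ever sees rows the policy already admitted, which would not hold if the predicate were appended to the outer WHERE as text.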
...