Modifying a data redaction policy v17

The ALTER REDACTION POLICY command changes the definition of data redaction policy for a table.

Synopsis

ALTER REDACTION POLICY <name> ON <table_name> RENAME TO <new_name>

ALTER REDACTION POLICY <name> ON <table_name> FOR ( <expression> )

ALTER REDACTION POLICY <name> ON <table_name> { ENABLE | DISABLE}

ALTER REDACTION POLICY <name> ON <table_name>
  ADD [ COLUMN ] <column_name> USING <funcname_clause>
    [ WITH OPTIONS ( [ <redaction_option> ]
      [, <redaction_option> ] )
    ]

ALTER REDACTION POLICY <name> ON <table_name>
  MODIFY [ COLUMN ] <column_name>
  {
    [ USING <funcname_clause> ]
  |
    [ WITH OPTIONS ( [ <redaction_option> ]
      [, <redaction_option> ] )
    ]
  }

ALTER REDACTION POLICY <name> ON <table_name>
  DROP [ COLUMN ] <column_name>

Where redaction_option is:

{ SCOPE <scope_value> |
  EXCEPTION <exception_value> }

Description

ALTER REDACTION POLICY changes the definition of an existing data redaction policy.

To use ALTER REDACTION POLICY, you must own the table that the data redaction policy applies to.

FOR ( expression )

This form adds or replaces the data redaction policy expression.

ENABLE

Enables the previously disabled data redaction policy for a table.

DISABLE

Disables the data redaction policy for a table.

ADD [ COLUMN ]

This form adds a column of the table to the existing redaction policy. See CREATE REDACTION POLICY for details.

MODIFY [ COLUMN ]

This form modifies the data redaction policy on the column of the table. You can update the redaction function clause or the redaction options for the column. The USING clause specifies the redaction function expression to update. The WITH OPTIONS ( ... ) clause specifies the scope or the exception. For more details on the redaction function clause, the redaction scope, and the redaction exception, see CREATE REDACTION POLICY.

DROP [ COLUMN ]

This form removes the column of the table from the data redaction policy.

Parameters

name

The name of an existing data redaction policy to alter.

table_name

The optionally schema-qualified name of the table that the data redaction policy is on.

new_name

The new name for the data redaction policy. This must be distinct from the name of any other existing data redaction policy for the table.

expression

The data redaction policy expression.

column_name

Name of existing column of the table on which the data redaction policy is being altered or dropped.

funcname_clause

The data redaction function expression for the column. See CREATE REDACTION POLICY for details.

scope_value

The scope identifies the query part to apply redaction for the column. See CREATE REDACTION POLICY for the details.

exception_value

The exception identifies the query part where redaction are exempted. See CREATE REDACTION POLICY for the details.

Examples

Update the data redaction policy called redact_policy_personal_info on the table named employees:

ALTER REDACTION POLICY redact_policy_personal_info ON employees
FOR (session_user != 'hr' AND session_user != 'manager');

To update the data redaction function for the column ssn in the same policy:

ALTER REDACTION POLICY redact_policy_personal_info ON employees
MODIFY COLUMN ssn USING redact_ssn_new(ssn);

Compatibility

ALTER REDACTION POLICY is an EDB extension.

See also

CREATE REDACTION POLICY, DROP REDACTION POLICY