Description
Creates masking policies
Format
The format varies depending on the masking type. The format is shown below.
pgx_create_confidential_policy( [schema_name := 'schemaName',] table_name := 'tableName', policy_name := 'policyName', expression := 'expr' [, enable := 'policyStatus'] [, policy_description := 'policyDesc'] [, column_name := 'colName' [, function_type := 'FULL'] | [, function_type := 'PARTIAL', partialOpt] | [, function_type := 'REGEXP', regexpOpt] [, column_description := 'colDesc'] ])
partialOpt: function_parameters := 'maskingFmt'
regexpOpt: regexp_pattern := 'regexpPattern', regexp_replacement := 'regexpReplacementChar', [, regexp_flags := 'regexpFlags']
Argument
Details are as follows.
Masking type for which an argument can be specified | Argument | Data type | Description | Default value |
|---|---|---|---|---|
All | schema_name | varchar(63) | Schema name of table for which the masking policy is created | 'public' |
table_name | varchar(63) | Name of table for which the masking policy is created | Mandatory | |
policy_name | varchar(63) | Masking policy name | Mandatory | |
expression | varchar(1024) | Masking condition | Mandatory | |
enable | boolean | Masking policy status
| 't' | |
policy_description | varchar(1024) | Masking policy description | NULL | |
column_name | varchar(63) | Masking target name | NULL | |
function_type | varchar(63) | Masking type
| 'FULL' | |
column_description | varchar(1024) | Masking target description | NULL | |
Partial masking | function_parameters | varchar(1024) | Masking format for partial masking | Mandatory |
Regular expression masking | regexp_pattern | varchar(1024) | Search pattern for regular expression masking | Mandatory |
regexp_replacement | varchar(1024) | Replacement character/string for regular expression masking | Mandatory | |
regexp_flags | varchar(20) | Regular expression flags | NULL |
Details about whether arguments can be omitted are as follows.
Argument | Mandatory or optional | ||
|---|---|---|---|
Full masking | Partial masking | Regular expression masking | |
schema_name | Y | Y | Y |
table_name | N | N | N |
policy_name | N | N | N |
expression | N | N | N |
enable | Y | Y | Y |
policy_description | Y | Y | Y |
column_name | Y | Y | Y |
function_type | Y | Y | Y |
column_description | Y | Y | Y |
function_parameters | - | N | - |
regexp_pattern | - | - | N |
regexp_replacement | - | - | N |
regexp_flags | - | - | Y |
Y: Can be omitted; N: Cannot be omitted; -: Ignored when specified
Return value
Return value | Description |
|---|---|
TRUE | Ended normally |
FALSE | Ended abnormally |
Execution example 1
Creating masking policy p1 that does not contain a masking target
postgres=# select pgx_create_confidential_policy(table_name := 't1', policy_name := 'p1', expression := '1=1'); pgx_create_confidential_policy --------------------------------- t (1 row)
Execution example 2
Creating masking policy p1 that contains masking target c1 of which the masking type is full masking
postgres=# select pgx_create_confidential_policy(schema_name := 'public', table_name := 't1', policy_name := 'p1', expression := '1=1', enable := 't', policy_description := 'this policy is an example.', column_name := 'c1', function_type := 'FULL', column_description := 'c1 column is FULL.'); pgx_create_confidential_policy --------------------------------- t (1 row)
Execution example 3
Creating masking policy p1 that contains masking target c2 of which the masking type is partial masking
postgres=# select pgx_create_confidential_policy( table_name := 't1', policy_name := 'p1', expression := '1=1', column_name := 'c2', function_type := 'PARTIAL', function_parameters := 'VVVFVVVVFVVVV, VVV-VVVV-VVVV, *, 4, 11'); pgx_create_confidential_policy --------------------------------- t (1 row)
Execution example 4
Creating masking policy p1 that contains masking target c3 of which the masking type is regular expression masking
postgres=# select pgx_create_confidential_policy( table_name := 't1', policy_name := 'p1', expression := '1=1', column_name := 'c3', function_type := 'REGEXP', regexp_pattern := '(.*)(@.*)', regexp_replacement := 'xxx\2', regexp_flags := 'g'); pgx_create_confidential_policy --------------------------------- t (1 row)
Description
The arguments for the pgx_create_confidential_policy system management function can be specified in any order.
If column_name is omitted, only masking policies that do not contain masking target will be created.
One masking policy can be created for each table. Use the pgx_alter_confidential_policy system management function to add a masking target to a masking policy.
The function_parameters argument is enabled when the function_type is PARTIAL. If the function_type is other than PARTIAL, it will be ignored.
The arguments below are enabled when the function_type is REGEXP. If the function_type is other than REGEXP, these arguments will be ignored.
regexp_pattern
regexp_replacement
regexp_flags
Note
If a table for which a masking policy is to be applied is deleted, delete the masking policy as well.
See
Refer to "String Constants" in the PostgreSQL Documentation for information on the strings to specify for arguments.
Refer to "POSIX Regular Expressions" in the PostgreSQL Documentation and check pattern, replacement, and flags for information on the values that can be specified for regexp_pattern, regexp_replacement, and regexp_flags.
