The confidentiality management feature provides the functions and tables described below.
Some functions define, change, or drop confidentiality matrices and related definitions. Each of these functions writes an audit log record indicating that it was executed, so you can later check whether an unauthorized operation was performed.
In addition, you can query the tables provided by this feature directly, and check the defined contents with the helper functions for referencing definitions.
Some functions also output both the attributes of a confidentiality object as actually recorded in the PostgreSQL system catalog and the attributes that should be set for that object according to the confidentiality matrix, so that the two can be compared.
For details, refer to "Appendix B System Management Functions Used by Confidentiality Management Feature".
Tables included in the pgx_confidential_management_support extension
Table name | Description |
---|---|
pgx_confidential_matrix | A list of confidentiality matrices. You can refer to the attributes of the registered confidentiality matrix, the update time, or the time when the confidentiality level or confidentiality group was registered or deleted. |
pgx_confidential_level | A list of confidentiality levels. You can refer to the registered confidentiality level attributes, update time, or the time when a confidentiality object was registered to the confidentiality level or removed from the confidentiality level. |
pgx_confidential_group | A list of confidentiality groups. You can refer to the registered confidentiality group attributes, update time, or the time when a role was registered to the confidentiality group or removed from the confidentiality group. |
pgx_confidential_privilege | A list of confidentiality privileges. You can refer to confidentiality privilege set for each confidentiality object, update time, and so on. |
pgx_confidential_object | A list of confidentiality objects. You can refer to object attributes or update time, and so on. |
pgx_confidential_role | A list of roles registered in the confidentiality group. You can refer to role attributes or update time, and so on. |
pgx_confidential_policy | This is a list of policies created to set privileges for rowset-type confidentiality objects. You can refer to the name of the policy you created and the privileges it has set. Rows in this table are inserted when you add a rowset-type confidentiality object. |
Rows in each table are added, deleted, or updated when you execute the functions that add, delete, or update definitions.
If a confidentiality object is dropped directly, for example by a DROP TABLE statement, its rows are also deleted from the following tables:
pgx_confidential_object
pgx_confidential_policy
Functions for adding, removing or updating definitions
Each of these functions writes an audit log record indicating that it was executed.
Function name | Description |
---|---|
pgx_create_confidential_matrix | Create a confidentiality matrix. |
pgx_alter_confidential_matrix | Change the attributes of the confidentiality matrix. |
pgx_drop_confidential_matrix | Drop the confidentiality matrix. |
pgx_copy_confidential_matrix | Copy the confidentiality matrix. |
pgx_create_confidential_level | Create confidentiality levels and register them in the confidentiality matrix. |
pgx_alter_confidential_level | Change the confidentiality level attribute. |
pgx_drop_confidential_level | Remove a confidentiality level from the confidentiality matrix and drop it. |
pgx_create_confidential_group | Create a confidentiality group and register it in the confidentiality matrix. |
pgx_alter_confidential_group | Change the attributes of a confidentiality group. |
pgx_drop_confidential_group | Remove a confidentiality group from the confidentiality matrix and drop it. |
pgx_grant_confidential_privilege | Grant confidentiality privileges. |
pgx_revoke_confidential_privilege | Revoke confidentiality privileges. |
pgx_add_object_to_confidential_level | Add confidentiality objects to the confidentiality level. |
pgx_remove_object_from_confidential_level | Remove confidentiality objects from the confidentiality level. |
pgx_add_role_to_confidential_group | Add a role to a confidentiality group. |
pgx_remove_role_from_confidential_group | Remove a role from a confidentiality group. |
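Because every function in the table above leaves an audit log record, the practical check is to reconcile those records against the changes you actually approved: a definition function executed by a role that is not the confidentiality administrator, or outside a change window, is the "unauthorized operation" the audit log is there to reveal. The script below is an added example, not code from the extension or its manual. It assumes a record layout (an ISO-8601 timestamp, the executing role in brackets, then a pgaudit-style CSV payload whose eighth field is the statement) that is constructed for this example; the real audit log format is documented elsewhere in the product manual, and the sample records and the argument lists in them are likewise constructed, not the functions' real signatures.

```python
"""Review audit-log records for executions of the confidentiality-definition
functions and flag any that fall outside an approved change.

Added example, not part of pgx_confidential_management_support.
Assumed record layout (constructed for this example):
    <ISO-8601 UTC timestamp> [<role>] AUDIT: <pgaudit-style CSV payload>
"""
import csv
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Definition functions from the table above: each execution is audit-logged,
# so each execution should be traceable to an approved change.
DEFINITION_FUNCTIONS = frozenset({
    "pgx_create_confidential_matrix", "pgx_alter_confidential_matrix",
    "pgx_drop_confidential_matrix", "pgx_copy_confidential_matrix",
    "pgx_create_confidential_level", "pgx_alter_confidential_level",
    "pgx_drop_confidential_level", "pgx_create_confidential_group",
    "pgx_alter_confidential_group", "pgx_drop_confidential_group",
    "pgx_grant_confidential_privilege", "pgx_revoke_confidential_privilege",
    "pgx_add_object_to_confidential_level",
    "pgx_remove_object_from_confidential_level",
    "pgx_add_role_to_confidential_group",
    "pgx_remove_role_from_confidential_group",
})

RECORD_RE = re.compile(r"^(?P<ts>\S+) \[(?P<role>[^\]]+)\] AUDIT: (?P<payload>.*)$")
CALL_RE = re.compile(r"\b(pgx_[a-z_]+)\s*\(", re.IGNORECASE)


@dataclass(frozen=True)
class DefinitionCall:
    when: datetime
    role: str
    function: str
    statement: str


@dataclass(frozen=True)
class Finding:
    call: DefinitionCall
    reasons: tuple


def parse_record(line):
    """Return a DefinitionCall if the record executes a definition function, else None."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    # Assumed pgaudit SESSION layout:
    # class,class_id,sub_id,type,command,object_type,object_name,statement,parameters
    fields = next(csv.reader([m.group("payload")]))
    statement = fields[7] if len(fields) > 7 else m.group("payload")
    called = {name.lower() for name in CALL_RE.findall(statement)}
    hits = sorted(called & DEFINITION_FUNCTIONS)
    if not hits:
        return None
    when = datetime.fromisoformat(m.group("ts").replace("Z", "+00:00"))
    return DefinitionCall(when, m.group("role"), hits[0], statement)


def review(lines, allowed_roles, change_windows):
    """Split definition calls into approved calls and findings.

    allowed_roles: roles permitted to change confidentiality definitions.
    change_windows: (start, end) datetime pairs during which changes are approved.
    """
    approved, findings = [], []
    for line in lines:
        call = parse_record(line)
        if call is None:
            continue
        reasons = []
        if call.role not in allowed_roles:
            reasons.append("executed by a role outside the allow-list")
        if not any(start <= call.when <= end for start, end in change_windows):
            reasons.append("executed outside an approved change window")
        if reasons:
            findings.append(Finding(call, tuple(reasons)))
        else:
            approved.append(call)
    return approved, findings


# Constructed sample records (not real log output); argument lists are illustrative only.
SAMPLE_LOG = [
    "2024-03-11T09:02:14Z [confidential_admin] AUDIT: SESSION,1,1,FUNCTION,EXECUTE,FUNCTION,public.pgx_create_confidential_matrix,\"SELECT pgx_create_confidential_matrix('hr_matrix')\",<none>",
    "2024-03-11T09:02:20Z [confidential_admin] AUDIT: SESSION,1,2,FUNCTION,EXECUTE,FUNCTION,public.pgx_create_confidential_level,\"SELECT pgx_create_confidential_level('hr_matrix', 'secret')\",<none>",
    "2024-03-11T09:03:01Z [app_user] AUDIT: SESSION,2,1,READ,SELECT,TABLE,public.employee,\"SELECT name FROM employee\",<none>",
    "LOG:  connection received: host=127.0.0.1 port=51234",
    "2024-03-12T02:41:55Z [app_user] AUDIT: SESSION,3,1,FUNCTION,EXECUTE,FUNCTION,public.pgx_add_role_to_confidential_group,\"SELECT pgx_add_role_to_confidential_group('hr_matrix', 'hr_admins', 'app_user')\",<none>",
    "2024-03-12T02:42:10Z [confidential_admin] AUDIT: SESSION,4,1,FUNCTION,EXECUTE,FUNCTION,public.pgx_revoke_confidential_privilege,\"SELECT pgx_revoke_confidential_privilege('hr_matrix', 'secret', 'auditors')\",<none>",
]
ALLOWED_ROLES = {"confidential_admin"}
CHANGE_WINDOWS = [(datetime(2024, 3, 11, 9, 0, tzinfo=timezone.utc),
                   datetime(2024, 3, 11, 10, 0, tzinfo=timezone.utc))]


def run_example():
    return review(SAMPLE_LOG, ALLOWED_ROLES, CHANGE_WINDOWS)


if __name__ == "__main__":
    approved, findings = run_example()
    print(f"{len(approved)} approved definition call(s)")
    for f in findings:
        print(f"FINDING {f.call.when:%Y-%m-%d %H:%M} {f.call.role} {f.call.function}: {'; '.join(f.reasons)}")
```

Ordinary reads (the SELECT on employee) and non-audit lines are ignored, the two administrator calls inside the window are listed as approved, and the self-grant by app_user and the out-of-window revoke come back as findings. The allow-list and windows are the parts to feed from your own change-management records.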
Functions that Support Definition Referencing and Comparison with System Catalogs
Function name | Description |
---|---|
pgx_get_attribute_of_objects | For all confidentiality objects registered in the specified confidentiality matrix, displays the attributes defined in the confidentiality matrix and the attributes actually set in the database. |
pgx_get_attribute_of_roles | For all roles registered in the specified confidentiality matrix, displays the attributes defined in the confidentiality matrix and the attributes actually set in the system catalog. |
pgx_get_privileges_on_level_and_group | Displays a list of combinations of the confidentiality objects registered in the specified confidentiality level and the roles registered in the specified confidentiality group, so that the following can be compared: |
pgx_get_privileges_on_object | For the specified confidentiality object, displays a list that allows you to compare the following: |
pgx_get_privileges_on_role | For the specified role, displays a list covering all confidentiality objects that allows you to compare the following: |
pgx_get_privileges_on_matrix | For all objects registered in the specified confidentiality matrix, displays a list that allows you to compare the following: |
The definition procedure is described below.