Enterprise Postgres 17 Security Operation Guide

7.3.2 Creating a Confidentiality Matrix

Create a confidentiality matrix, together with a comment describing it, as follows. The comment is stored in the pgx_confidential_matrix table.

select pgx_create_confidential_matrix('matrix_foo', 'This matrix is defined for foo.')

Point

The role executing this function is considered the confidentiality management role. If this function is executed after SET ROLE, the role specified in SET ROLE will be regarded as the confidentiality management role, not the role that executed SET ROLE.

You can also create a new confidentiality matrix 'matrix_dest' by duplicating an existing confidentiality matrix 'matrix_src', as follows. When a matrix is created by copying, its comment is copied as well. The comment can be changed later using the pgx_alter_confidential_matrix function.

select pgx_copy_confidential_matrix('matrix_dest', 'matrix_src')

You can also check the created matrix by referring to the pgx_confidential_matrix table.

Point

The copy source must be in the same database. To copy a confidentiality matrix from a different database or a different database instance, use one of the following methods. If you choose the method that uses the COPY statement, read the notes below first.

  • Define the matrix in the target database using the functions, in the same way as the original was defined.

  • Perform the following steps.

    Execute every step other than step 6 with a role that has SUPERUSER privileges.

    1. Set up extensions in the target database.

    2. From each of the tables below, extract the rows of the source confidentiality matrix using the COPY TO statement, specifying the ID of that matrix in the WHERE clause.

      • pgx_confidential_matrix

      • pgx_confidential_level

      • pgx_confidential_group

      • pgx_confidential_privilege

    3. Refer to the pg_sequences system view and save the last_value of each of the following SEQUENCEs to a file.

      • pgx_confidential_matrix_cmatid_seq

      • pgx_confidential_level_clevid_seq

      • pgx_confidential_group_cgroid_seq

      • pgx_confidential_privilege_cpriid_seq

    4. Load the data extracted in step 2 into the same tables in the target database using the COPY FROM statement. This operation can be performed by any confidentiality management role of any confidentiality matrix.

    5. Use the pg_catalog.setval function to set the last_value of each SEQUENCE on the copy destination to the value saved in step 3. An example is shown below.

      SELECT pg_catalog.setval('pgx_confidential_matrix_cmatid_seq', 5)

    6. Create a new confidentiality matrix with the pgx_copy_confidential_matrix function, specifying the confidentiality matrix loaded in step 4 as the copy source. Perform this operation as the confidentiality management role of the newly created confidentiality matrix.

    7. Use the pgx_drop_confidential_matrix function, specifying false for drop_role, to drop the confidentiality matrix loaded in step 4.

    Note

    • If you specify true for drop_role, management by the original confidentiality matrix can no longer continue. The reason is as follows.

      After completing step 6, you have:

      a) The confidentiality matrix of the source database

      b) The confidentiality matrix loaded in step 4

      c) The confidentiality matrix duplicated in step 6

      Matrices b) and c) use different confidentiality group roles; this is the effect of the pgx_copy_confidential_matrix function. Matrices a) and b), however, share the same confidentiality group roles. Although temporary, this is an undesirable state, which is why matrix b) is removed in step 7. If true is specified for drop_role at that point, the confidentiality group roles used by a) are deleted as well, and management by the confidentiality matrix of a) cannot continue.

    • The destination must have this extension freshly installed with CREATE EXTENSION. The table data contained in this extension includes IDs representing confidentiality matrices and confidentiality levels, and these IDs are generated by the SEQUENCEs included in the extension. For example, if at least one confidentiality matrix has already been created in the destination, that matrix has been numbered with an ID of 1, but it is not the object numbered with an ID of 1 in the copy source.
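The seven-step COPY procedure above, carried through end to end as one psql script. This is an added example, not code from the guide or from the extension itself. Everything beyond the table, sequence and function names given on this page is an assumption of the example: that the matrix ID column is called cmatid (derived from the sequence name pgx_confidential_matrix_cmatid_seq) and that the level, group and privilege tables reference the matrix through a column of the same name; that the source matrix has ID 3; that the export files are written to /tmp/cmat_export on the server (COPY TO and COPY FROM use server-side paths, so the files must be transferred to the destination host when the instances differ); that the extension name is the one from the guide's setup section, shown here as a placeholder; and that cmat_admin is the confidentiality management role intended for the new matrix. The sequence values in step 5 are constructed to stand in for the numbers read from the saved file.

```sql
-- Added worked example (not from the guide): copy confidentiality matrix
-- 'matrix_src' from database srcdb into database dstdb with steps 1-7.
-- Assumed, not stated on the page: column cmatid in all four tables,
-- source matrix ID 3, file paths under /tmp/cmat_export, role cmat_admin,
-- and the extension name placeholder in step 1.

---------------------------------------------------------------------------
-- Source database (srcdb), connected as a SUPERUSER
---------------------------------------------------------------------------

-- Step 2: extract only the rows that belong to the source matrix.
COPY (SELECT * FROM pgx_confidential_matrix    WHERE cmatid = 3)
  TO '/tmp/cmat_export/matrix.csv'    WITH (FORMAT csv);
COPY (SELECT * FROM pgx_confidential_level     WHERE cmatid = 3)
  TO '/tmp/cmat_export/level.csv'     WITH (FORMAT csv);
COPY (SELECT * FROM pgx_confidential_group     WHERE cmatid = 3)
  TO '/tmp/cmat_export/group.csv'     WITH (FORMAT csv);
COPY (SELECT * FROM pgx_confidential_privilege WHERE cmatid = 3)
  TO '/tmp/cmat_export/privilege.csv' WITH (FORMAT csv);

-- Step 3: record last_value of each extension sequence. The destination
-- sequences are advanced to these values later, so IDs generated there
-- can never collide with the IDs carried in the CSV files.
COPY (SELECT sequencename, last_value
        FROM pg_sequences
       WHERE sequencename IN ('pgx_confidential_matrix_cmatid_seq',
                              'pgx_confidential_level_clevid_seq',
                              'pgx_confidential_group_cgroid_seq',
                              'pgx_confidential_privilege_cpriid_seq'))
  TO '/tmp/cmat_export/sequences.csv' WITH (FORMAT csv, HEADER);

---------------------------------------------------------------------------
-- Destination database (dstdb), connected as a SUPERUSER
---------------------------------------------------------------------------

-- Step 1: the extension must be freshly installed, i.e. no confidentiality
-- matrix has been created here yet (see the Note above). Replace the
-- placeholder with the extension name from the guide's setup section.
CREATE EXTENSION "<CONFIDENTIALITY_MANAGEMENT_EXTENSION>";

-- Step 4: load the extracted rows into the same tables.
COPY pgx_confidential_matrix    FROM '/tmp/cmat_export/matrix.csv'    WITH (FORMAT csv);
COPY pgx_confidential_level     FROM '/tmp/cmat_export/level.csv'     WITH (FORMAT csv);
COPY pgx_confidential_group     FROM '/tmp/cmat_export/group.csv'     WITH (FORMAT csv);
COPY pgx_confidential_privilege FROM '/tmp/cmat_export/privilege.csv' WITH (FORMAT csv);

-- Step 5: set each sequence to the value saved in step 3. The numbers are
-- constructed stand-ins for the values read from sequences.csv.
SELECT pg_catalog.setval('pgx_confidential_matrix_cmatid_seq',    3);
SELECT pg_catalog.setval('pgx_confidential_level_clevid_seq',    12);
SELECT pg_catalog.setval('pgx_confidential_group_cgroid_seq',     8);
SELECT pg_catalog.setval('pgx_confidential_privilege_cpriid_seq', 40);

-- Step 6: duplicate the loaded matrix as the role that is to manage the
-- copy. Under the SET ROLE rule in the Point above, cmat_admin, not the
-- superuser session, becomes the confidentiality management role, and the
-- copy receives its own confidentiality group roles.
SET ROLE cmat_admin;
SELECT pgx_copy_confidential_matrix('matrix_dest', 'matrix_src');
RESET ROLE;

-- Step 7: drop the loaded matrix. drop_role => false matters here: the
-- loaded matrix shares its confidentiality group roles with the matrix
-- still in srcdb, and dropping those roles would end management there.
SELECT pgx_drop_confidential_matrix('matrix_src', drop_role => false);

-- Check: only the duplicated matrix 'matrix_dest' should remain.
SELECT * FROM pgx_confidential_matrix;
```

The script keeps the source and destination halves in the order the guide prescribes, so that step 5 runs before step 6: if pgx_copy_confidential_matrix were called before the sequences are advanced, the new matrix could be assigned an ID that the loaded rows already occupy. Step 7 uses named notation for drop_role so the intent is visible in the statement itself.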