Classify each target database object into the appropriate confidentiality level according to the confidentiality level design. In the example below, 'table1' and 'table2' of 'schema1' are added to 'level1' at the same time. Specify the confidentiality object type and confidentiality object name in the third argument in JSON format. Multiple confidentiality objects of the same type can be listed together, and a list of objects can be given for each confidentiality object type. In this example, only the table type is registered, but the schema type can also be registered at the same time.
select pgx_add_object_to_confidential_level('matrix_foo', 'level1', '[{ "type":"table", "object":[ { "schema":"schema1", "table":["table1","table2"] } ] }]');
When specifying a rowset, you must describe which set of rows it covers in the value of the rowset_expression key. For details on how to specify it, refer to "B.5 Confidentiality Object Manipulation Functions".
When this function is executed, the confidentiality management feature internally uses the GRANT statement or the CREATE POLICY statement to grant privileges on the specified confidentiality objects to all confidentiality groups set in the confidentiality matrix. The effect of the GRANT statement can be checked as follows. This example checks the privileges granted on 'table1' and 'table2' in 'schema1'.
select pgx_get_privileges_on_object('matrix_foo', '[{ "type":"table", "object":[ { "schema":"schema1", "table":["table1","table2"] } ] }]');
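The result can also be cross-checked against the standard PostgreSQL catalogs, independently of the confidentiality management functions. The queries below are an added example, not part of the original manual; they assume the 'schema1', 'table1' and 'table2' names used above and a role that is allowed to read the system catalogs.

```sql
-- Added example: verify what the internal GRANT / CREATE POLICY statements
-- left behind, using only stock PostgreSQL catalogs.

-- 1. Table-level privileges per grantee, read from the table ACL.
--    A grantee OID of 0 in the ACL means PUBLIC. A NULL relacl yields no
--    rows, which means only the owner's default privileges apply.
SELECT n.nspname                      AS schema_name,
       c.relname                      AS table_name,
       COALESCE(r.rolname, 'PUBLIC')  AS grantee,
       string_agg(a.privilege_type, ', ' ORDER BY a.privilege_type) AS privileges,
       bool_or(a.is_grantable)        AS can_regrant
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
CROSS JOIN LATERAL aclexplode(c.relacl) AS a
LEFT JOIN pg_roles r ON r.oid = a.grantee
WHERE n.nspname = 'schema1'
  AND c.relname IN ('table1', 'table2')
GROUP BY n.nspname, c.relname, COALESCE(r.rolname, 'PUBLIC')
ORDER BY table_name, grantee;

-- 2. Row-level policies defined on the same tables, with the roles they
--    apply to and the filter expression (qual) they enforce.
SELECT schemaname, tablename, policyname, roles, cmd, qual, with_check
FROM pg_policies
WHERE schemaname = 'schema1'
  AND tablename IN ('table1', 'table2')
ORDER BY tablename, policyname;

-- 3. Whether row-level security is actually switched on for the tables.
--    A policy has no effect while relrowsecurity is false, and the table
--    owner bypasses it unless relforcerowsecurity is true.
SELECT n.nspname AS schema_name,
       c.relname AS table_name,
       c.relrowsecurity,
       c.relforcerowsecurity
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'schema1'
  AND c.relname IN ('table1', 'table2');
```

Rows in the first query that name PUBLIC or a role outside the confidentiality groups of the matrix, or that show can_regrant as true, are worth reviewing against the confidentiality level design.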