Enterprise Postgres 17 Security Operation Guide

B.4 Confidentiality Privilege Manipulation Functions

Function name: pgx_grant_confidential_privilege(confidential_matrix_name varchar, confidential_level_name varchar, confidential_group_name varchar, privilege json)

Return value: void

Description: Grant confidentiality privileges.

Only the confidentiality management role for the specified confidentiality matrix can execute this function.

Grants access to the confidentiality level specified by confidential_level_name to the confidentiality group specified by confidential_group_name.

Running this function repeatedly simply adds further privileges to those already granted. Granting the same privilege more than once does not result in an error.

The privileges to be granted are specified in privilege, a JSON object whose keys are confidentiality object types and whose values are arrays of privileges, like this:

'{
  "table":["SELECT", "INSERT", "UPDATE", "DELETE"],
  "schema":["CREATE", "USAGE"],
  "rowset":["ALL"]
}'

The privileges that can be specified depend on the type of confidentiality object.

The privileges for a rowset type confidentiality object are those that can be specified in the FOR clause of the CREATE POLICY statement.

For every other type, they are the privileges that can be granted with the GRANT statement for that confidentiality object type.

If ALL is specified, it is treated as if every privilege that can be specified for that type had been listed. Consequently, ALL never appears in the cpriacl column of the pgx_confidential_privilege table.

There is no equivalent of the WITH GRANT OPTION clause of the GRANT statement, because only confidentiality management roles should use this feature to change privileges on confidentiality objects.

Be careful when PUBLIC is granted on the target confidentiality object, because granting privileges to PUBLIC is the same as granting them to every role registered in the confidentiality matrix. This function fails if a privilege that PUBLIC would grant indirectly to some role is listed among the confidentiality privileges that must not be granted to that role. Similarly, this function also checks privileges granted indirectly through group roles that are not registered in the confidentiality matrix; in doing so, it recursively checks the chain of inheritance.

Function name: pgx_revoke_confidential_privilege(confidential_matrix_name varchar, confidential_level_name varchar, confidential_group_name varchar, privilege json)

Return value: void

Description: Revoke confidentiality privileges.

Only the confidentiality management role for the specified confidentiality matrix can execute this function.

Revokes privileges on the confidentiality level specified by confidential_level_name from the confidentiality group specified by confidential_group_name.

Revoking privileges that were never granted does not fail.

The privileges to be revoked are specified in privilege, in the same format as for the pgx_grant_confidential_privilege function.

Be careful when PUBLIC is granted on the target confidentiality object, because granting privileges to PUBLIC is the same as granting them to every role registered in the confidentiality matrix. This function fails if a privilege that PUBLIC would grant indirectly to some role is listed among the confidentiality privileges that must not be granted to that role. Similarly, this function also checks privileges granted indirectly through group roles that are not registered in the confidentiality matrix; in this case it checks the chain of inheritance up to its ancestors.
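The following session is an added example showing both functions together; it is not taken from the guide. The matrix name hr_matrix, level name internal and group name analysts are hypothetical, and the statements assume they are run by the confidentiality management role of that matrix. Only the function names, the privilege JSON format, and the cpriacl column of pgx_confidential_privilege come from the page.

```sql
-- Added example (not from the guide). Matrix, level and group names are
-- hypothetical; run as the confidentiality management role of hr_matrix.

-- Grant: the group "analysts" may SELECT from tables and USE schemas at the
-- "internal" level, and may read rows covered by rowset objects.
SELECT pgx_grant_confidential_privilege(
    'hr_matrix',   -- confidential_matrix_name (hypothetical)
    'internal',    -- confidential_level_name (hypothetical)
    'analysts',    -- confidential_group_name (hypothetical)
    '{"table":["SELECT"], "schema":["USAGE"], "rowset":["SELECT"]}'::json
);

-- A second call with an overlapping set only adds INSERT; the repeated
-- SELECT on "table" does not raise an error.
SELECT pgx_grant_confidential_privilege(
    'hr_matrix', 'internal', 'analysts',
    '{"table":["SELECT", "INSERT"]}'::json
);

-- ALL is expanded on storage, so cpriacl lists the individual privileges
-- and never the literal ALL. (Other columns of pgx_confidential_privilege
-- are not described on this page, so only cpriacl is selected.)
SELECT cpriacl FROM pgx_confidential_privilege;

-- Revoke INSERT again. UPDATE was never granted, which is not an error.
SELECT pgx_revoke_confidential_privilege(
    'hr_matrix', 'internal', 'analysts',
    '{"table":["INSERT", "UPDATE"]}'::json
);
```

The usual practice is to grant to a named confidentiality group rather than to PUBLIC: as the descriptions above state, a PUBLIC grant reaches every role registered in the matrix, and the call is rejected if that would hand any role a privilege it must not have, after following the inheritance chain through unregistered group roles. Inspecting cpriacl after each change is a quick way to confirm that the stored privilege set matches what was intended.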