Creating policies #

A policy supplies privileges to an entity such as a catalog, schema, table, view, or column, based on the entity’s assigned attributes.

Use the Roles and privileges pane to view the list of roles and the properties for each role, as well as access to the Policies tab.

The Policies tab is only visible if a role in the user’s active role set has the account-level privilege MANAGE_SECURITY.

To create a new policy:

1. Click Add policy to open the Create policy pane.
2. In the Create policy pane, give the policy a name and description.
3. Use the drop-down menus to determine the scope of the policy. For example, you can set the scope to be all schemas in the catalog sales_data, or a specific table within a specific schema of the catalog sales_data. You can select multiple scopes at a time for each entity.
4. Select a method to limit the scope. You can choose to Match everything in scope or to Match using expression. See matching expressions for details and examples of matching expressions.
5. Set privileges for the policy. As an example, you can grant ALLOW for the Create schema privilege, and DENY for the Select from table privilege. Click Add privilege to add more privileges.
6. Use the Row filter drop-down to select an existing row filter to apply to the policy. In the drop-down, select Create new row filter to create a new row filter. Click Add row filter to add additional filters.
7. Click Add column mask to add an existing column mask to the policy. Use the Scope menu to determine the scope of the column mask, such as sales_data.*.*. In the Column mask menu, select an existing column mask from the list, or select Create new column mask to create a new one.
8. Set an expiration date and time for the policy. Policy expirations are optional.
9. Click Create policy.

To view, edit, or delete an existing policy, click the more_vert options menu and select View policy, Edit policy, or Delete policy.

See the Access control policies types page for more information.