v.20.1Experimental Feature

Reworked Row Policies in Access Control System

Official CH changelog text
Reworked row policies as a part of access control system. Added new table system.row_policies, new function currentRowPolicies(), new SQL syntax CREATE POLICY, ALTER POLICY, DROP POLICY, SHOW CREATE POLICY, SHOW POLICIES. #7808 (Vitaly Baranov)
Reworked row-level security policies in ClickHouse with enhanced management and visibility features. New components include the system.row_policies table, the currentRowPolicies() function, and new SQL commands CREATE POLICY, ALTER POLICY, DROP POLICY, SHOW CREATE POLICY, and SHOW POLICIES.

Why it matters

To improve and modernize the row-level access control system in ClickHouse. This update addresses the need for clearer, standardized, and more manageable row policy administration, enabling users to define, modify, and inspect row-based data access restrictions efficiently, thereby enhancing security and governance capabilities.

How to use it

Users can create, modify, and drop row policies using the new SQL syntax:

CREATE POLICY ...
ALTER POLICY ...
DROP POLICY ...
SHOW CREATE POLICY ...
SHOW POLICIES;


They can also query the system.row_policies table to inspect policies and use the currentRowPolicies() function in queries to access the active row policies applied in the current context.

Related resources

PreviousNext