addRowAccessPolicyOnView
Adds a row access policy to a view in Snowflake. The policy arguments must map to specific view columns to filter row-level access based on the policy expression.
Note: Automatic rollback drops the policy from the view.
Known limitation: This change type does not support database inspection features (snapshot, diff, diff-changelog, and generate-changelog commands).
Available attributes
Attribute | Type | Description | Required |
|---|---|---|---|
| String | Name of the catalog (database) containing the view | No |
| String | Name of the schema containing the view | No |
| String | Name of the view to apply the policy to | Yes |
| String | Name of the catalog containing the policy (cross-schema) | No |
| String | Name of the schema containing the policy (cross-schema) | No |
| String | Name of the row access policy to apply | Yes |
| Boolean | Apply policy only if view exists using | No |
| Nested | Wrapper for columns that map to policy arguments | Yes |
column attributes (nested in rowAccessPolicyColumns)
Attribute | Type | Description | Required |
|---|---|---|---|
| String | Name of the view column to map to policy | Yes |
<?xml version="1.0" encoding="UTF-8"?>
<databaseChangeLog
xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
xmlns:pro-snowflake="http://www.liquibase.org/xml/ns/pro-snowflake"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd
http://www.liquibase.org/xml/ns/pro-snowflake
http://www.liquibase.org/xml/ns/pro-snowflake/liquibase-pro-snowflake-latest.xsd">
<!-- Add policy to view -->
<changeSet id="add-policy-on-view" author="examples">
<pro-snowflake:addRowAccessPolicyOnView
viewName="EMPLOYEE_SUMMARY_VIEW"
policyName="DEPARTMENT_ACCESS_POLICY">
<pro-snowflake:rowAccessPolicyColumns>
<pro-snowflake:column columnName="department_id"/>
<pro-snowflake:column columnName="access_level"/>
</pro-snowflake:rowAccessPolicyColumns>
</pro-snowflake:addRowAccessPolicyOnView>
</changeSet>
<!-- Add policy with IF EXISTS -->
<changeSet id="add-policy-on-view-if-exists" author="examples">
<pro-snowflake:addRowAccessPolicyOnView
viewName="SALES_REPORT_VIEW"
policyName="TENANT_ISOLATION_POLICY"
ifExists="true">
<pro-snowflake:rowAccessPolicyColumns>
<pro-snowflake:column columnName="tenant_id"/>
</pro-snowflake:rowAccessPolicyColumns>
</pro-snowflake:addRowAccessPolicyOnView>
</changeSet>
<!-- Add cross-schema policy -->
<changeSet id="add-policy-cross-schema" author="examples">
<pro-snowflake:addRowAccessPolicyOnView
viewName="FINANCE_DASHBOARD_VIEW"
policySchemaName="SECURITY"
policyName="FINANCE_ACCESS_POLICY">
<pro-snowflake:rowAccessPolicyColumns>
<pro-snowflake:column columnName="user_id"/>
</pro-snowflake:rowAccessPolicyColumns>
</pro-snowflake:addRowAccessPolicyOnView>
</changeSet>
</databaseChangeLog>