alterDynamicTable policies
Modifies security and privacy policies on dynamic tables, including row access and aggregation policies.
Known limitations:
This change type does not support automatic rollback.
Snowflake snapshots created with Liquibase Secure 5.1 are incompatible with earlier versions due to enhanced object type detection for TABLES and VIEWS. Regenerate all snapshots with 5.1 after upgrading to avoid false differences in diff and diff-changelog operations.
Row access policy
Controls row-level access to data based on user attributes.
Available attributes
Attribute | Type | Description | Required |
|---|---|---|---|
| String | Name of the catalog (database) containing the table | No |
| String | Name of the schema containing the table | No |
| String | Name of the dynamic table to alter | Yes |
| Boolean | Only execute if the table exists | No |
alterRowAccessPolicy nested attributes
Attribute | Type | Description | Required |
|---|---|---|---|
| String | Name of the row access policy | No* |
| String | Column(s) the policy applies to | No |
| Boolean | If true, drops the current policy | No* |
| Boolean | If true, drops all policies | No* |
*Specify either policyName to add/modify or dropPolicy/dropAllPolicies to remove.
<?xml version="1.0" encoding="UTF-8"?>
<databaseChangeLog
xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
xmlns:pro-snowflake="http://www.liquibase.org/xml/ns/pro-snowflake"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd
http://www.liquibase.org/xml/ns/pro-snowflake
http://www.liquibase.org/xml/ns/pro-snowflake/liquibase-pro-snowflake-latest.xsd">
<!-- Add row access policy -->
<changeSet id="add-row-access-policy" author="examples">
<pro-snowflake:alterDynamicTable tableName="SENSITIVE_SUMMARY">
<pro-snowflake:alterRowAccessPolicy
policyName="SUMMARY_ACCESS_POLICY"
on="USER_ID"/>
</pro-snowflake:alterDynamicTable>
</changeSet>
<!-- Drop row access policy -->
<changeSet id="drop-row-access-policy" author="examples">
<pro-snowflake:alterDynamicTable tableName="SENSITIVE_SUMMARY">
<pro-snowflake:alterRowAccessPolicy dropPolicy="true"/>
</pro-snowflake:alterDynamicTable>
</changeSet>
</databaseChangeLog>Aggregation policy
Controls privacy-preserving aggregation operations.
alterAggregationPolicy nested attributes
Attribute | Type | Description | Required |
|---|---|---|---|
| String | Name of the aggregation policy | No* |
| String | Entity key columns | No |
| Boolean | If true, unsets the policy | No* |
| Boolean | If true, forces the operation | No |
*Specify either newPolicyName to add/modify or unsetPolicy to remove.
<?xml version="1.0" encoding="UTF-8"?>
<databaseChangeLog
xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
xmlns:pro-snowflake="http://www.liquibase.org/xml/ns/pro-snowflake"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd
http://www.liquibase.org/xml/ns/pro-snowflake
http://www.liquibase.org/xml/ns/pro-snowflake/liquibase-pro-snowflake-latest.xsd">
<!-- Add aggregation policy -->
<changeSet id="add-aggregation-policy" author="examples">
<pro-snowflake:alterDynamicTable tableName="ANALYTICS_SUMMARY">
<pro-snowflake:alterAggregationPolicy
newPolicyName="AGGREGATION_POLICY"
entityKey="USER_ID, TENANT_ID"/>
</pro-snowflake:alterDynamicTable>
</changeSet>
<!-- Unset aggregation policy -->
<changeSet id="unset-aggregation-policy" author="examples">
<pro-snowflake:alterDynamicTable tableName="ANALYTICS_SUMMARY">
<pro-snowflake:alterAggregationPolicy unsetPolicy="true"/>
</pro-snowflake:alterDynamicTable>
</changeSet>
</databaseChangeLog>