Alter Standard Table - Policies

Modifies security and privacy policies on standard tables, including row access, aggregation, and join policies.

Known limitations:

This change type does not support automatic rollback.
Snowflake snapshots created with Liquibase Secure 5.1 are incompatible with earlier versions due to enhanced object type detection for TABLES and VIEWS. Regenerate all snapshots with 5.1 after upgrading to avoid false differences in diff and diff-changelog operations.

Available attributes

Attribute	Type	Description	Required
`catalogName`	String	Name of the catalog (database) containing the table	No
`schemaName`	String	Name of the schema containing the table	No
`tableName`	String	Name of the table to alter	Yes
`ifExists`	Boolean	Only execute if the table exists	No

Row access policy

Controls row-level access to data based on user attributes.

alterRowAccessPolicy nested attributes

Attribute	Type	Description	Required
`policyName`	String	Name of the row access policy	No*
`on`	String	Column(s) the policy applies to	No
`dropPolicy`	Boolean	If true, drops the current policy	No*
`dropAllPolicies`	Boolean	If true, drops all policies	No*

*Specify either policyName to add/modify or dropPolicy/dropAllPolicies to remove.

<?xml version="1.0" encoding="UTF-8"?>
<databaseChangeLog
  xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
  xmlns:pro-snowflake="http://www.liquibase.org/xml/ns/pro-snowflake"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
        http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd
        http://www.liquibase.org/xml/ns/pro-snowflake
        http://www.liquibase.org/xml/ns/pro-snowflake/liquibase-pro-snowflake-latest.xsd">
  <!-- Add row access policy -->
  <changeSet id="add-row-access-policy" author="examples">
    <pro-snowflake:alterStandardTable tableName="SENSITIVE_CUSTOMER_DATA">
      <pro-snowflake:alterRowAccessPolicy
                policyName="CUSTOMER_ACCESS_POLICY"
                on="USER_ID"/>
    </pro-snowflake:alterStandardTable>
  </changeSet>
  <!-- Drop row access policy -->
  <changeSet id="drop-row-access-policy" author="examples">
    <pro-snowflake:alterStandardTable tableName="SENSITIVE_CUSTOMER_DATA">
      <pro-snowflake:alterRowAccessPolicy dropPolicy="true"/>
    </pro-snowflake:alterStandardTable>
  </changeSet>
</databaseChangeLog>

<?xml version="1.0" encoding="UTF-8"?>
<databaseChangeLog
  xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
  xmlns:pro-snowflake="http://www.liquibase.org/xml/ns/pro-snowflake"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
        http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd
        http://www.liquibase.org/xml/ns/pro-snowflake
        http://www.liquibase.org/xml/ns/pro-snowflake/liquibase-pro-snowflake-latest.xsd">
  <!-- Add row access policy -->
  <changeSet id="add-row-access-policy" author="examples">
    <pro-snowflake:alterStandardTable tableName="SENSITIVE_CUSTOMER_DATA">
      <pro-snowflake:alterRowAccessPolicy
                policyName="CUSTOMER_ACCESS_POLICY"
                on="USER_ID"/>
    </pro-snowflake:alterStandardTable>
  </changeSet>
  <!-- Drop row access policy -->
  <changeSet id="drop-row-access-policy" author="examples">
    <pro-snowflake:alterStandardTable tableName="SENSITIVE_CUSTOMER_DATA">
      <pro-snowflake:alterRowAccessPolicy dropPolicy="true"/>
    </pro-snowflake:alterStandardTable>
  </changeSet>
</databaseChangeLog>

Aggregation policy

Controls privacy-preserving aggregation operations.

alterAggregationPolicy nested attributes

Attribute	Type	Description	Required
`newPolicyName`	String	Name of the aggregation policy	No*
`entityKey`	String	Entity key columns	No
`dropPolicy`	Boolean	If true, drops the policy	No*
`force`	Boolean	If true, forces the operation	No

*Specify either newPolicyName to add/modify or dropPolicy to remove.

<?xml version="1.0" encoding="UTF-8"?>
<databaseChangeLog
  xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
  xmlns:pro-snowflake="http://www.liquibase.org/xml/ns/pro-snowflake"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
        http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd
        http://www.liquibase.org/xml/ns/pro-snowflake
        http://www.liquibase.org/xml/ns/pro-snowflake/liquibase-pro-snowflake-latest.xsd">
  <!-- Add aggregation policy -->
  <changeSet id="add-aggregation-policy" author="examples">
    <pro-snowflake:alterStandardTable tableName="ANALYTICS_DATA">
      <pro-snowflake:alterAggregationPolicy
                newPolicyName="AGGREGATION_POLICY"
                entityKey="USER_ID, TENANT_ID"/>
    </pro-snowflake:alterStandardTable>
  </changeSet>
  <!-- Drop aggregation policy -->
  <changeSet id="drop-aggregation-policy" author="examples">
    <pro-snowflake:alterStandardTable tableName="ANALYTICS_DATA">
      <pro-snowflake:alterAggregationPolicy dropPolicy="true"/>
    </pro-snowflake:alterStandardTable>
  </changeSet>
</databaseChangeLog>

<?xml version="1.0" encoding="UTF-8"?>
<databaseChangeLog
  xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
  xmlns:pro-snowflake="http://www.liquibase.org/xml/ns/pro-snowflake"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
        http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd
        http://www.liquibase.org/xml/ns/pro-snowflake
        http://www.liquibase.org/xml/ns/pro-snowflake/liquibase-pro-snowflake-latest.xsd">
  <!-- Add aggregation policy -->
  <changeSet id="add-aggregation-policy" author="examples">
    <pro-snowflake:alterStandardTable tableName="ANALYTICS_DATA">
      <pro-snowflake:alterAggregationPolicy
                newPolicyName="AGGREGATION_POLICY"
                entityKey="USER_ID, TENANT_ID"/>
    </pro-snowflake:alterStandardTable>
  </changeSet>
  <!-- Drop aggregation policy -->
  <changeSet id="drop-aggregation-policy" author="examples">
    <pro-snowflake:alterStandardTable tableName="ANALYTICS_DATA">
      <pro-snowflake:alterAggregationPolicy dropPolicy="true"/>
    </pro-snowflake:alterStandardTable>
  </changeSet>
</databaseChangeLog>

Join policy

Controls which columns can be used in join operations.

alterJoinPolicy nested attributes

Attribute	Type	Description	Required
`newPolicyName`	String	Name of the join policy	No*
`allowedJoinKeys`	String	Columns allowed in joins	No
`dropPolicy`	Boolean	If true, drops the policy	No*
`force`	Boolean	If true, forces the operation	No

*Specify either newPolicyName to add/modify or dropPolicy to remove.

<?xml version="1.0" encoding="UTF-8"?>
<databaseChangeLog
  xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
  xmlns:pro-snowflake="http://www.liquibase.org/xml/ns/pro-snowflake"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
        http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd
        http://www.liquibase.org/xml/ns/pro-snowflake
        http://www.liquibase.org/xml/ns/pro-snowflake/liquibase-pro-snowflake-latest.xsd">
  <!-- Add join policy -->
  <changeSet id="add-join-policy" author="examples">
    <pro-snowflake:alterStandardTable tableName="RESTRICTED_JOINS">
      <pro-snowflake:alterJoinPolicy
                newPolicyName="JOIN_POLICY"
                allowedJoinKeys="ID, USER_ID"/>
    </pro-snowflake:alterStandardTable>
  </changeSet>
  <!-- Drop join policy -->
  <changeSet id="drop-join-policy" author="examples">
    <pro-snowflake:alterStandardTable tableName="RESTRICTED_JOINS">
      <pro-snowflake:alterJoinPolicy dropPolicy="true"/>
    </pro-snowflake:alterStandardTable>
  </changeSet>
</databaseChangeLog>

<?xml version="1.0" encoding="UTF-8"?>
<databaseChangeLog
  xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
  xmlns:pro-snowflake="http://www.liquibase.org/xml/ns/pro-snowflake"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
        http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd
        http://www.liquibase.org/xml/ns/pro-snowflake
        http://www.liquibase.org/xml/ns/pro-snowflake/liquibase-pro-snowflake-latest.xsd">
  <!-- Add join policy -->
  <changeSet id="add-join-policy" author="examples">
    <pro-snowflake:alterStandardTable tableName="RESTRICTED_JOINS">
      <pro-snowflake:alterJoinPolicy
                newPolicyName="JOIN_POLICY"
                allowedJoinKeys="ID, USER_ID"/>
    </pro-snowflake:alterStandardTable>
  </changeSet>
  <!-- Drop join policy -->
  <changeSet id="drop-join-policy" author="examples">
    <pro-snowflake:alterStandardTable tableName="RESTRICTED_JOINS">
      <pro-snowflake:alterJoinPolicy dropPolicy="true"/>
    </pro-snowflake:alterStandardTable>
  </changeSet>
</databaseChangeLog>