alterRowAccessPolicyBody
Modifies the boolean expression (body) of an existing row access policy in Snowflake. This changes the access control logic without affecting the policy signature.
Note: This change type does not support automatic rollback or database inspection features (snapshot, diff, diff-changelog, and generate-changelog commands).
Available attributes
Attribute | Type | Description | Required |
|---|---|---|---|
| String | Name of the catalog (database) containing the policy | No |
| String | Name of the schema containing the policy | No |
| String | Name of the row access policy to alter | Yes |
| Boolean | Only alter if the policy exists using | No |
| String | New boolean expression for the policy | Yes |
<?xml version="1.0" encoding="UTF-8"?>
<databaseChangeLog
xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
xmlns:pro-snowflake="http://www.liquibase.org/xml/ns/pro-snowflake"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd
http://www.liquibase.org/xml/ns/pro-snowflake
http://www.liquibase.org/xml/ns/pro-snowflake/liquibase-pro-snowflake-latest.xsd">
<!-- Basic body update -->
<changeSet id="alter-row-access-policy-body-basic" author="examples">
<pro-snowflake:alterRowAccessPolicyBody policyName="DEPARTMENT_ACCESS_POLICY">
<pro-snowflake:newBody>CURRENT_ROLE() IN ('ADMIN', 'HR', 'MANAGER')</pro-snowflake:newBody>
</pro-snowflake:alterRowAccessPolicyBody>
</changeSet>
<!-- Body update with IF EXISTS -->
<changeSet id="alter-row-access-policy-body-if-exists" author="examples">
<pro-snowflake:alterRowAccessPolicyBody
policyName="TENANT_ISOLATION_POLICY"
ifExists="true">
<pro-snowflake:newBody>tenant_id = CURRENT_USER() AND access_level >= 5</pro-snowflake:newBody>
</pro-snowflake:alterRowAccessPolicyBody>
</changeSet>
</databaseChangeLog>