NoDataDmlStatements
Last updated: September 2, 2025
NoDataDmlStatements is a custom policy check that does not allow DATA DML statements.
regex: (?i)insert\s*into|delete\s*from|update\s*([^\s]+)\s*set
Before you begin
Scope | Database |
changelog | Relational |
Liquibase 4.29.0+
Configure a valid Liquibase Secure license key
Ensure the Liquibase Checks extension is installed. In Liquibase 4.31.0+, it is already installed in the
/liquibase/internal/libdirectory, so no action is needed.If the checks JAR is not installed, download liquibase-checks-<version>.jar and put it in the
liquibase/libdirectory.(Maven users only) Add the
liquibase-checksdependency to yourpom.xmlfile. See Add extensions with Maven for more information.Java Development Kit 17+ (available for Open JDK and Oracle JDK)
Linux, macOS, or Windows operating system
Procedure
These steps describe how to create the Custom Policy Check. It does not exist by default in Liquibase Secure.
Run this command in the CLI:
liquibase checks customize --check-name=SqlUserDefinedPatternCheckGive your check a short name for easy identification
Use up to 64 alpha-numeric characters only.
In this example we will use:
MultipleGrantsNotAllowedSet the Severity to return a code of 0-4 when triggered.
These severity codes allow you to determine if the job moves forward or stops when this check triggers.
Learn more here: Use Policy Checks in Automation: Severity and Exit Code
options: 'INFO'=0, 'MINOR'=1, 'MAJOR'=2, 'CRITICAL'=3, 'BLOCKER'=4
Set the SEARCH_STRING to this valid regular expression:
Regular expression search string:
(?is)[\t\r\n\s]*\bgrant\b[\t\r\n\s]+.*[\t\r\n\s]+\bgrant\b[\t\r\n\s]+Set the MESSAGE to display when a match for the regular expression <SEARCH_STRING> is found in a Changeset.
In this example we will use:
Error! Multiple GRANT statements not allowed in a single changeset. Only a single GRANT statement is allowed.