Creates a security policy that can be bound to one or more security resources, for one or more roles.
A security resource is a set of SQL predicates, associated to basic operations (eg. CREATE, READ and so on), that are evaluated for each record to determine if the operation is allowed or not.
CREATE SECURITY POLICY <name> [ SET ( [CREATE | READ | BEFORE UPDATE | AFTER UPDATE | DELETE | EXECUTE] = (<sqlPredicate>) )*
<name>The security policy name. I is used in the GRANT statement to bind it to a role and a resoruce
<sqlPredicate>a valid SQL predicate
Create an empty policy
CREATE SECURITY POLICY foo
Create a security policy with all the predicates defined:
CREATE SECURITY POLICY foo SET CREATE = (name = 'foo'), READ = (TRUE), BEFORE UPDATE = (name = 'foo'), AFTER UPDATE = (name = 'foo'), DELETE = (name = 'foo'), EXECUTE = (name = 'foo')
For more information, see