Does snowflake support multiple row access policies on a table.
Say I have 3 policies A, B, C and I want to enforce these policies on a single table T.
No, at this point we can have 1 RAP per table.
Thanks for the question.
Srinath is right we only have one Row Access Policy per table, you can apply multiple masking policies on a table not sure if that serves your purpose. If it does do check out https://docs.snowflake.com/en/sql-reference/sql/create-masking-policy.html
Related
We are planning on using row access policy in snowflake. I can apply the policy to individual tables and view.
Question:
Is there a way to apply to all tables and views in the database ?
Is there a way to apply to future tables as well as and when they are created?
There isn't an official feature to apply a row access policy to multiple tables in a single command.
Row access policies need to specify columns/values to be passed into the policy for each table. Any way to apply a row access policy to multiple tables (including future tables) would require you to identify which columns/values to pass in for all those tables.
In theory, you could write a script that scans the tables, deduces which column values to pass as arguments to your row access policy, and constructs a command to apply the policy to each table.
But there's no way to constrain the creation of new tables to ensure they will always have columns with specific names or characteristics. So if you're allowing new tables to be created, then there's a possibility that a table will be created that cannot have a given row access policy applied to it. Therefore, it wouldn't be sensible to have a command that causes a row access policy to get applied automatically to future tables.
I know that masking policies can be assigned to columns, for example:
alter table if exists user_info modify column email set masking policy email_mask;
But can we assign one masking policy to a tag? So that all the columns with the tag in one table can automatically be assigned the masking policy?
Thanks.
The simple answer is No. Masking policies can only be attached on columns of Tables and Views.
If you are looking to automatically assign Masking Policies to tagged columns, you can do the following:
Join the COLUMNS View and TAG_REFERENCES View to generate an ALTER Statement that sets the masking policy to tagged columns that doesn't have masking policies assigned to them
Put it in a Stored Procedure
Schedule a Task to run the Stored Procedure regularly
As of June 2022, tag-based masking policies are now in public preview:
https://docs.snowflake.com/en/release-notes/preview-features.html
https://docs.snowflake.com/en/user-guide/tag-based-masking-policies.html
In a database (Microsoft Access, Relational), is it possible to restrict access to a specific field in a table for a certain group?
So the group would have access to the table but not see one of the fields?
If not, is the only way to do this by seperating the data into another table and restricting it for this group?
You can not restrict access to a specific field.
However, you can create a query based off a table. And you can also set a table's "Visible" property to "No". This isn't foolproof; if the user knows how to change the properties of a table then they can change it back to "Visible".
There really is no 100% foolproof way to lock down an Access database entirely. However, you can make it awfully difficult by hiding the objects, hiding the database and bypassing the CTRL key (to avoid the old Shift/CTRL trick).
You can create different views for difference users | users group with only required columns that they should allow to access. Then grant permission for users/user groups on those views accordingly.
I'm working on some asp.net application, I got stuck in following business.
Suppose we have a person, and he can open both types of accounts and each account has some transaction history. Person table has some primary key say PPK, and customer table has some PK as PIN.
My question is how to solve/present this scenario in database, relation of person table to customer table is 1:2 as no person can have more than two account. and what about that transaction table? that holds all transaction history for some specific account? shall I make two transaction table (which is really a bad idea because as account type exceeds transaction tables exceeds).
Can I build their relation as 1:* (then I may need another table for that. it holds Fk of both table. )
or Can make pin as unique key and always open database for like checking limit of accounts (i.e. two).
I really need some suggestions.
All suggestions are welcome.
Thanks!
P.S: If you dont understand the question please ask me before reporting it away please!
You can either do something like this:
Or something like this:
The first model allows adding more accounts by just changing the CHECK (in case requirements change in the future), while the second would require adding another column in such case.
NOTE: The above assumes both account types are structurally identical, so they "fit" into same table. If that's not the case, you can use inheritance.
Ok you have a person table and an account table with a foreign key relationship between the two which is 1 person to many accounts. Then you have a transaction table that is related to the account id in the account table which is also 1 account to many transacations.
Now to enforce the limit of only two accounts being allowed, for that you want a trigger that checks when a record is being inserted or updated to amek sure the person currently has no more than one other record.
Is there any way through which we can relate 1 account record with other account records in a many to many relationship format in salesforce? This is not possible as per the standard way, as we can not create many-to-many relationship with the same object type in salesforce. Can anyone pls suggest some custom way/code to do this?
I have a requirement where I need to link for eg: Account A with Account B and Account C so that I can see the contacts of Account B and C on Account A.
Any help will be much appreciated!
To create a many-many relationship in salesforce you would need a joiner object that has two master-details to account (There is actually already a standard object called Partner that may fit your needs).
To see the contacts of related accounts it's probably easiest to create a simple visualforce page that will query the contacts of related accounts and display them.
You can create a relationship between two account objects using a join object. You must use two lookup field type to relate the objects - a master detail relationship will not work if you are trying to relate the same object.
As per the comment by #grigriforce this can also be done as a master-detail with Account and a Lookup as well as two Lookups.