RESTRICT ROWS
Configures the column used for row-level access control; you can only define one Primary Key column. If the column is already configured, running the RESTRICT ROWS command replaces the definition.
Use DESCRIBE TABLE to view the existing restrictions on the table. |
Synopsis
RESTRICT ROWS ON [<keyspace_name>.]<table_name> USING <pk_column_name> ;
Syntax legend
Syntax conventions | Description |
---|---|
UPPERCASE |
Literal keyword. |
Lowercase |
Not literal. |
|
Variable value. Replace with a user-defined value. |
|
Optional.
Square brackets ( |
|
Group.
Parentheses ( |
|
Or.
A vertical bar ( |
|
Repeatable.
An ellipsis ( |
|
Single quotation ( |
|
Map collection.
Braces ( |
Set, list, map, or tuple.
Angle brackets ( |
|
|
End CQL statement.
A semicolon ( |
|
Separate the command line options from the command arguments with two hyphens ( |
|
Search CQL only: Single quotation marks ( |
|
Search CQL only: Identify the entity and literal value to overwrite the XML element in the schema and solrConfig files. |
Examples
For the cyclist_expenses
table, configure the cyclist_name
column for filtering so that permissions can be assigned.
In this example, we identify the column so that each cyclist can view only their own expenses:
RESTRICT ROWS ON cyclist_expenses USING cyclist_name;
RLAC requires two commands: a single RESTRICT and one or more GRANT commands. For example, cyclist Vera Adrian can view her expenses:
GRANT SELECT ON 'Vera ADRIAN' ROWS IN cyclist_expenses TO cycling_accounts;
The <filtering_data> string is case-sensitive. |