RESTRICT
Configures the column on which permissions can be granted.
Configures the column on which permissions can be granted.
Tables have only a single restriction. Running the RESTRICT command replaces the existing restriction. Use DESCRIBE TABLE to view the existing restrictions on the table. The column must be part of the partition key.
Synopsis
RESTRICT ROWS ON [keyspace_name.]table_name USING pk_column_name ;
| Syntax conventions | Description |
|---|---|
| UPPERCASE | Literal keyword. |
| Lowercase | Not literal. |
Italics |
Variable value. Replace with a user-defined value. |
[] |
Optional. Square brackets ( [] ) surround
optional command arguments. Do not type the square brackets. |
( ) |
Group. Parentheses ( ( ) ) identify a group to
choose from. Do not type the parentheses. |
| |
Or. A vertical bar ( | ) separates alternative
elements. Type any one of the elements. Do not type the vertical
bar. |
... |
Repeatable. An ellipsis ( ... ) indicates that
you can repeat the syntax element as often as required. |
'Literal string' |
Single quotation ( ' ) marks must surround
literal strings in CQL statements. Use single quotation marks to
preserve upper case. |
{ key : value
} |
Map collection. Braces ( { } ) enclose map
collections or key value pairs. A colon separates the key and the
value. |
<datatype1,datatype2> |
Set, list, map, or tuple. Angle brackets ( <
> ) enclose data types in a set, list, map, or tuple.
Separate the data types with a comma. |
cql_statement; |
End CQL statement. A semicolon ( ; ) terminates
all CQL statements. |
[--] |
Separate the command line options from the command arguments with
two hyphens ( -- ). This syntax is useful when
arguments might be mistaken for command line options. |
' <schema> ... </schema>
' |
Search CQL only: Single quotation marks ( ' )
surround an entire XML schema declaration. |
@xml_entity='xml_entity_type' |
Search CQL only: Identify the entity and literal value to overwrite the XML element in the schema and solrConfig files. |
Examples
For the cyclist_expenses table, configure the
cyclist_name column for filtering so that permissions can be assigned. In
this example, we identify the column so that each cyclist can view only their own expenses:
RESTRICT ROWS ON cyclist_expenses USING cyclist_name;
RLAC requires two commands: a single RESTRICT and one or more GRANT commands. For example,
cyclist Vera Adrian can view her
expenses:
GRANT SELECT ON 'Vera ADRIAN' ROWS IN cyclist_expenses TO cycling_accounts;
Note: The filtering_data string is case-sensitive.