CREATE PROJECTION POLICY¶
Creates a new projection policy in the current/specified schema or replaces an existing projection policy.
After creating a projection policy, apply the projection policy to a table column using an ALTER TABLE … ALTER COLUMN command or a view column using the ALTER VIEW command.
- See also:
Syntax¶
CREATE [ OR REPLACE ] PROJECTION POLICY [ IF NOT EXISTS ] <name>
AS () RETURNS PROJECTION_CONSTRAINT -> <body>
[ COMMENT = '<string_literal>' ]
Parameters¶
nameIdentifier for the projection policy; must be unique for your schema.
The identifier value must start with an alphabetic character and cannot contain spaces or special characters unless the entire identifier string is enclosed in double quotes (e.g.
"My object"). Identifiers enclosed in double quotes are also case-sensitive.For more details, see Identifier requirements.
bodySQL expression that determines whether to project a column.
The expression calls the internal PROJECTION_CONSTRAINT function to allow or prevent the projection of a column:
PROJECTION_CONSTRAINT(ALLOW => TRUE)— Allows the column to which the projection policy is attached to be projected.PROJECTION_CONSTRAINT(ALLOW => FALSE)— Does not allow the column to which the projection policy is attached to be projected.
COMMENT = 'string_literal'Adds a comment or overwrites an existing comment for the projection policy.
Access control requirements¶
A role used to execute this SQL command must have the following privileges at a minimum:
Privilege |
Object |
Notes |
|---|---|---|
CREATE PROJECTION POLICY |
Schema |
Note that operating on any object in a schema also requires the USAGE privilege on the parent database and schema.
For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.
For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.
For additional details on projection policy DDL and privileges, see Privileges and commands.
Usage notes¶
If you want to update an existing projection policy and need to see the current definition of the policy, run the DESCRIBE PROJECTION POLICY command or GET_DDL function.
Regarding metadata:
Attention
Customers should ensure that no personal data (other than for a User object), sensitive data, export-controlled data, or other regulated data is entered as metadata when using the Snowflake service. For more information, see Metadata Fields in Snowflake.
Examples¶
Do not allow projecting a column:
CREATE OR REPLACE PROJECTION POLICY do_not_project AS () RETURNS PROJECTION_CONSTRAINT -> PROJECTION_CONSTRAINT(ALLOW => false);
Project a column for the analyst custom role, otherwise do not project the column:
CREATE OR REPLACE PROJECTION POLICY project_analyst_only AS () RETURNS PROJECTION_CONSTRAINT -> CASE WHEN CURRENT_ROLE() = 'ANALYST' THEN PROJECTION_CONSTRAINT(ALLOW => true) ELSE PROJECTION_CONSTRAINT(ALLOW => false) END;