问题描述
我想创建一个函数来实现雪花DW中的行级安全性以进行报告。为此,我们希望创建一个将逻辑保留在内部并在选择查询中调用它的函数。
但是创建此函数会引发错误:
CREATE or replace FUNCTION derive_sbg()
returns NUMBER(1,0)
as $$ CASE
when (select current_role()) = 'z_DEPARTMENT_A_DEVELOPER' and SBG = 'A' then 1
when (select current_role()) = 'z_DEPARTMENT_B_DEVELOPER' and SBG = 'B' then 1
when (select current_role()) = 'z_DEPARTMENT_C_DEVELOPER' and SBG = 'C' then 1
when (select current_role()) = 'z_DEPARTMENT_D_DEVELOPER' and SBG = 'D' then 1
when (select current_role()) = 'z_DEPARTMENT_E_DEVELOPER' and SBG = 'E' then 1
when (select current_role()) = 'z_DEPARTMENT_ALL_DEVELOPER' and SBG in ('A','B','C','D','E') then 1
ELSE 0 END $$;
错误:SQL编译错误:位置71的错误第2行无效标识符'SBG'
注意: SBG是dev.corp_report.sales_info表中的列
但是,当我按如下所述直接在我的选择查询中运行逻辑(函数)时,可以完美
select * from dev.corp_report.sales_info WHERE 1 =
CASE
when (select current_role()) = 'z_DEPARTMENT_A_DEVELOPER' and SBG = 'A' then 1
when (select current_role()) = 'z_DEPARTMENT_B_DEVELOPER' and SBG = 'B' then 1
when (select current_role()) = 'z_DEPARTMENT_C_DEVELOPER' and SBG = 'C' then 1
when (select current_role()) = 'z_DEPARTMENT_D_DEVELOPER' and SBG = 'D' then 1
when (select current_role()) = 'z_DEPARTMENT_E_DEVELOPER' and SBG = 'E' then 1
when (select current_role()) = 'z_DEPARTMENT_ALL_DEVELOPER' and SBG in ('A','E') then 1
ELSE 0 END;
所以我想将此逻辑隐藏在函数中,并在我的安全视图中像这样使用它
select *
from dev.corp_report.sales_info
WHERE 1 = derive_sbg();
您的指导将不胜感激。 -致谢
解决方法
在该函数上没有可以引用SBG的表;
CREATE or replace FUNCTION derive_sbg() returns NUMBER(1,0) as $$ CASE when (select
current_role()) = 'z_DEPARTMENT_A_DEVELOPER' and SBG = 'A' then 1 when (select
current_role()) = 'z_DEPARTMENT_B_DEVELOPER' and SBG = 'B' then 1
when (select current_role()) = 'z_DEPARTMENT_C_DEVELOPER' and SBG = 'C' then 1
when (select current_role()) = 'z_DEPARTMENT_D_DEVELOPER' and SBG = 'D' then 1
when (select current_role()) = 'z_DEPARTMENT_E_DEVELOPER' and SBG = 'E' then 1
when (select current_role()) = 'z_DEPARTMENT_ALL_DEVELOPER' and SBG in
('A','B','C','D','E') then 1 ELSE 0 END from dev.corp_report.sales_info $$