创建使用case语句封装行级安全性的函数

编程问答 2022-06-07

问题描述

我想创建一个函数来实现雪花DW中的行级安全性以进行报告。为此,我们希望创建一个将逻辑保留在内部并在选择查询中调用它的函数。

但是创建此函数会引发错误:

CREATE or replace FUNCTION derive_sbg()
returns NUMBER(1,0)
as $$ CASE
    when (select current_role()) = 'z_DEPARTMENT_A_DEVELOPER' and SBG   = 'A' then 1 
    when (select current_role()) = 'z_DEPARTMENT_B_DEVELOPER' and SBG   = 'B' then 1  
    when (select current_role()) = 'z_DEPARTMENT_C_DEVELOPER' and SBG   = 'C' then 1  
    when (select current_role()) = 'z_DEPARTMENT_D_DEVELOPER' and SBG   = 'D' then 1  
    when (select current_role()) = 'z_DEPARTMENT_E_DEVELOPER' and SBG   = 'E' then 1  
    when (select current_role()) = 'z_DEPARTMENT_ALL_DEVELOPER' and  SBG in ('A','B','C','D','E') then 1 
    ELSE 0 END $$;

错误:SQL编译错误:位置71的错误第2行无效标识符'SBG'

注意: SBG是dev.corp_report.sales_info表中的列

但是,当我按如下所述直接在我的选择查询中运行逻辑(函数)时,可以完美 

select * from dev.corp_report.sales_info  WHERE 1 = 
CASE
when (select current_role()) = 'z_DEPARTMENT_A_DEVELOPER' and SBG   = 'A' then 1 
when (select current_role()) = 'z_DEPARTMENT_B_DEVELOPER' and SBG   = 'B' then 1  
when (select current_role()) = 'z_DEPARTMENT_C_DEVELOPER' and SBG   = 'C' then 1  
when (select current_role()) = 'z_DEPARTMENT_D_DEVELOPER' and SBG   = 'D' then 1  
when (select current_role()) = 'z_DEPARTMENT_E_DEVELOPER' and SBG   = 'E' then 1  
when (select current_role()) = 'z_DEPARTMENT_ALL_DEVELOPER' and  SBG in ('A','E') then 1 
ELSE 0 END;

所以我想将此逻辑隐藏在函数中,并在我的安全视图中像这样使用它

select * 
    from dev.corp_report.sales_info 
    WHERE 1 = derive_sbg();

您的指导将不胜感激。 -致谢

解决方法

在该函数上没有可以引用SBG的表; 

CREATE or replace FUNCTION derive_sbg() returns NUMBER(1,0) as $$ CASE when (select 
current_role()) = 'z_DEPARTMENT_A_DEVELOPER' and SBG = 'A' then 1 when (select 
current_role()) = 'z_DEPARTMENT_B_DEVELOPER' and SBG = 'B' then 1
when (select current_role()) = 'z_DEPARTMENT_C_DEVELOPER' and SBG = 'C' then 1
when (select current_role()) = 'z_DEPARTMENT_D_DEVELOPER' and SBG = 'D' then 1
when (select current_role()) = 'z_DEPARTMENT_E_DEVELOPER' and SBG = 'E' then 1
when (select current_role()) = 'z_DEPARTMENT_ALL_DEVELOPER' and SBG in 
('A','B','C','D','E') then 1 ELSE 0 END from dev.corp_report.sales_info $$
row-level-securitysnowflake-cloud-data-platformsqlsql

相关问答

matplotlib报错:AttributeError: module 'backend_interagg' has no attribute 'FigureCanvas'. Did you mean: 'FigureCanvasAgg'?
使用本地python环境可以成功执行 import pandas as pd impor...
gitlab登录失败,报错:This challenge page was accidentally cached by an intermediary and is no longer available.
设置时间 控制面板
后端开发常见错误
错误1:Request method ‘DELETE‘ not supported 错误还原:...
docker常见错误
错误1:启动docker镜像时报错:Error response from daemon:...
idea常见错误
错误1:private field ‘xxx‘ is never assigned 按Alt...
pip安装依赖失败
报错如下,通过源不能下载,最后警告pip需升级版本 Requirem...