CREATE FEATURE POLICY

Creates a new feature policy.

See also:

ALTER FEATURE POLICY, DESCRIBE FEATURE POLICY, DROP FEATURE POLICY, SHOW FEATURE POLICIES

Syntax

CREATE [ OR REPLACE ] FEATURE POLICY [ IF NOT EXISTS ] <name>
  BLOCKED_OBJECT_TYPES_FOR_CREATION = ( <type> [ , ... ] )
  [ COMMENT = '<string-literal>' ]

Parameters

name

Specifies the identifier for the feature policy.

In addition, the identifier must start with an alphabetic character and cannot contain spaces or special characters unless the entire identifier string is enclosed in double quotes (for example, "My object"). Identifiers enclosed in double quotes are also case-sensitive.

For more information, see Identifier requirements.

BLOCKED_OBJECT_TYPES_FOR_CREATION = ( type [ , ... ] )

Specifies the list of objects that an app cannot create in the consumer account. The following objects can be blocked:

  • COMPUTE POOLS
  • WAREHOUSES
  • TASKS
  • DATABASES

COMMENT = 'string_literal'

String (literal) that specifies a comment for the feature policy.

Default: No value

Access control requirements

A role used to execute this operation must have the following privileges at a minimum:

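Privilege | Object | Notes
CREATE FEATURE POLICY | SCHEMA | Grants the ability to create a feature policy. You must set this privilege on the schema that contains the policy to be created.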

Operating on an object in a schema requires at least one privilege on the parent database and at least one privilege on the parent schema.

For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.

For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.

Usage notes

  • If a policy is bound to an object, for example an account or an app, the policy cannot be replaced. Use the ALTER FEATURE POLICY command to update or rename the feature policy.
  • This command does not support using the CLONE clause to create a copy of a feature policy.

Examples

The following example creates a new feature policy that prevents an app from creating databases:

CREATE FEATURE POLICY block_create_db_policy
  BLOCKED_OBJECT_TYPES_FOR_CREATION = (DATABASES);

The following example creates a new feature policy but does not specify any objects to block.

CREATE FEATURE POLICY block_nothing_policy
  BLOCKED_OBJECT_TYPES_FOR_CREATION = ();

Note

This syntax is typically applied to an app to lift any restrictions applied at the account level.
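
The following is an added example, not part of the original reference page. It ties the access control requirements to the command by setting up a least-privilege role that can only author feature policies in one schema, then creating a policy with that role. The names governance_db, policies, feature_policy_admin and block_compute_policy are hypothetical placeholders, and the database and schema are assumed to exist already.

```sql
-- Added example; all object names are hypothetical placeholders.

-- Steps 1-3: run with a role that is allowed to create roles and to grant
-- privileges on governance_db and governance_db.policies.

-- 1. Dedicated role for authoring feature policies.
CREATE ROLE IF NOT EXISTS feature_policy_admin;

-- 2. Operating on an object in a schema requires at least one privilege on
--    the parent database and on the parent schema; USAGE is enough here.
GRANT USAGE ON DATABASE governance_db TO ROLE feature_policy_admin;
GRANT USAGE ON SCHEMA governance_db.policies TO ROLE feature_policy_admin;

-- 3. The privilege named in the access control table, scoped to the one
--    schema that will hold the policies.
GRANT CREATE FEATURE POLICY ON SCHEMA governance_db.policies
  TO ROLE feature_policy_admin;

-- Steps 4-5: run as the new role (it must first be granted to your user).
USE ROLE feature_policy_admin;
USE SCHEMA governance_db.policies;

-- 4. Block apps from creating compute resources. IF NOT EXISTS is used
--    instead of OR REPLACE because a policy that is already bound to an
--    account or an app cannot be replaced.
CREATE FEATURE POLICY IF NOT EXISTS block_compute_policy
  BLOCKED_OBJECT_TYPES_FOR_CREATION = (COMPUTE POOLS, WAREHOUSES)
  COMMENT = 'Apps may not create compute pools or warehouses';

-- 5. Confirm that the policy exists and review the object types it blocks.
SHOW FEATURE POLICIES;
DESCRIBE FEATURE POLICY block_compute_policy;
```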