Masking policies require the following gatekeeper functions:
Arguments:
A single STRING argument containing comma-separated authorization IDs. For example,
'admin@%,guest'or'`user`@`localhost`,admin`. When used in aCREATE MASKING POLICYgatekeeper function, the argument must be a string literal. Dynamic expressions, such as column references, are not allowed and raise an error.
Return Value: Boolean.
Examples:
SELECT CURRENT_USER_IN('admin');: returns true if the current user isadmin@%.SELECT CURRENT_USER_IN('user@localhost');: returns true if the current user is and exact host match withuser@localhost.
Arguments:
A single STRING argument containing comma-separated authorization IDs. When used in a
CREATE MASKING POLICYgatekeeper function, the argument must be a string literal. Dynamic expressions, such as column references, are not allowed and raise an error.Returns true if any of the active roles matches any in the supplied list, and false if no match exists.
Return Value: Boolean.
Examples, assuming existence of
role1androle2:SELECT CURRENT_ROLE_IN('role1');: returns true becauserole1is active.SELECT CURRENT_ROLE_IN('admin@%,role2');: returns true becauserole2is active.