从补丁 198 开始,Amazon Redshift 将不再支持创建新的 Python UDF。现有的 Python UDF 将继续正常运行至 2026 年 6 月 30 日。有关更多信息,请参阅[博客文章](https://www.amazonaws.cn/blogs/big-data/amazon-redshift-python-user-defined-functions-will-reach-end-of-support-after-june-30-2026/)。
# SHOW POLICIES
显示数据库中定义的行级别安全性(RLS)和动态数据掩蔽(DDM)策略,以及适用于特定关系的 RLS 和 DDM 策略。只有超级用户或在数据库中拥有 `sys:secadmin` 角色的用户才能查看这些策略的结果。
## 语法
```
SHOW { RLS | MASKING } POLICIES
[
ON { database_name.schema_name.relation_name
| schema_name.relation_name
}
[ FOR { user_name | ROLE role_name | PUBLIC } ]
|
FROM DATABASE database_name
]
[ LIMIT row_limit ];
```
## 参数
*database\$1name*
要显示其中策略的数据库的名称。
*schema\$1name*
要显示其上附加的策略的关系的架构名称。
*relation\$1name*
要显示其上附加的策略的关系的名称。
*user\$1name*
已为其关系附加策略的用户的名称。
*role\$1name*
已为其关系附加策略的角色的名称。
*row\$1limit*
要返回的最大行数。*row\$1limit* 可以是 0–10000。
**注意**
Amazon Redshift 联合身份验证权限目录支持显示已连接数据库之外的其他数据库中的策略。SHOW POLICIES 命令支持对数据仓库中所有带 Amazon Redshift 联合身份验证权限的数据库进行跨数据库查询
## 示例
以下命令显示已连接数据库的 RLS 策略。
```
SHOW RLS POLICIES;
policy_name | policy_alias | policy_atts | policy_qual | policy_enabled | policy_modified_by | policy_modified_time
----------------+--------------+------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------+----------------+--------------------+----------------------------
policy_america | rls_table | [{"colname":"region","type":"character varying(10)"}] | (("rls_table"."region" = CAST('USA' AS TEXT)) OR ("rls_table"."region" = CAST('CANADA' AS TEXT)) OR ("rls_table"."region" = CAST('Mexico' AS TEXT))) | t | admin | 2025-11-07 14:57:27
```
以下命令显示数据库“sales\$1db.finance-catalog”中的掩蔽策略;
```
SHOW MASKING POLICIES FROM DATABASE "sales_db@finance-catalog";
policy_name | input_columns | policy_expression | policy_modified_by | policy_modified_time
---------------+------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------+--------------------+----------------------------
hash_credit | [{"colname":"credit_card","type":"character varying(256)"}] | [{"expr":"SHA2((\"masked_table\".\"credit_card\" + CAST('testSalt' AS TEXT)), CAST(256 AS INT4))","type":"text"}] | admin | 2025-11-07 16:05:54
hash_username | [{"colname":"username","type":"character varying(256)"}] | [{"expr":"SHA2((\"masked_table\".\"username\" + CAST('otherTestSalt' AS TEXT)), CAST(256 AS INT4))","type":"text"}] | admin | 2025-11-07 16:07:08
(2 rows)
```
以下命令显示关系 sales\$1table 上附加的 RLS 策略;
```
SHOW RLS POLICIES ON sales_schema.sales_table;
policy_name | schema_name | relation_name | relation_kind | grantor | grantee | grantee_kind | is_policy_on | is_rls_on | rls_conjunction_type
----------------+--------------+---------------+---------------+----------+---------------------------+--------------+--------------+-----------+----------------------
policy_global | sales_schema | sales_table | table | admin | sales_analyst_role_global | role | t | t | and
policy_america | sales_schema | sales_table | table | admin | sales_analyst_usa | user | t | t | and
```
以下命令显示数据库“sales\$1db.finance-catalog”中的关系 transaction\$1table 上附加的掩蔽策略。
```
SHOW MASKING POLICIES ON "sales_db@finance-catalog".sales_schema.transaction_table LIMIT 1;
policy_name | schema_name | relation_name | relation_type | grantor | grantee | grantee_type | priority | input_columns | output_columns
---------------+--------------+-------------------+---------------+----------+--------------------------+--------------+----------+-------------------+-------------------
hash_username | sales_schema | transaction_table | table | admin | transaction_analyst_role | role | 100 | ["user_name"] | ["user_name"]
```
以下命令显示用户“IAMR:sales\$1analyst\$1usa”的数据库“sales\$1db.finance-catalog”中的关系 sales\$1table 上附加的 RLS 策略。
```
SHOW RLS POLICIES ON "sales_db@finance-catalog".sales_schema.sales_table FOR "IAMR:sales_analyst_usa";
policy_name | schema_name | relation_name | relation_kind | grantor | grantee | grantee_kind | is_policy_on | is_rls_on | rls_conjunction_type
----------------+--------------+---------------+---------------+----------+------------------------+--------------+--------------+-----------+----------------------
policy_america | sales_schema | sales_table | table | admin | IAMR:sales_analyst_usa | user | t | t | and
```
以下命令显示角色 transaction\$1analyst\$1role 的数据库“sales\$1db.finance-catalog”中的关系 transaction\$1table 上附加的 RLS 策略。
```
SHOW MASKING POLICIES ON sales_schema.transaction_table FOR ROLE transaction_analyst_role;
policy_name | schema_name | relation_name | relation_type | grantor | grantee | grantee_type | priority | input_columns | output_columns
---------------+--------------+-------------------+---------------+----------+--------------------------+--------------+----------+---------------+----------------
hash_username | sales_schema | transaction_table | table | admin | transaction_analyst_role | role | 100 | ["user_name"] | ["user_name"]
```