/en/sql-reference/functions/management-functions/privileges-and-access-functions/ Recent content in Privileges and access functions on OpenText Analytics Database 26.2.x Hugo -- gohugo.io /en/sql-reference/functions/management-functions/privileges-and-access-functions/enabled-role/ Mon, 01 Jan 0001 00:00:00 +0000 /en/sql-reference/functions/management-functions/privileges-and-access-functions/enabled-role/ <p>Checks whether an OpenText™ Analytics Database <a href="../../../../../en/admin/db-users-and-privileges/db-roles/">user role</a> is enabled and returns true or false. This function is typically used when you create access policies on database roles.</p> <p>This is a meta-function. You must call meta-functions in a top-level <a href="../../../../../en/sql-reference/statements/select/#">SELECT</a> statement.</p> <h2 id="behavior-type">Behavior type</h2> <a class="glosslink" href="../../../../../en/glossary/volatile-functions/" title="">Volatile</a> <h2 id="syntax">Syntax</h2> <pre tabindex="0"><code>ENABLED_ROLE ( &#39;<span class="code-variable">role</span>&#39; ) </code></pre><h2 id="parameters">Parameters</h2> <dl> <dt><em><code>role</code></em></dt> <dd>The role to evaluate.</dd> </dl> <h2 id="privileges">Privileges</h2> <p>None</p> <h2 id="examples">Examples</h2> <p>See:</p> <ul> <li> <a href="../../../../../en/admin/db-users-and-privileges/access-policies/creating-column-access-policies/#">Creating column access policies</a> </li> <li> <a href="../../../../../en/admin/db-users-and-privileges/access-policies/creating-row-access-policies/#">Creating row access policies</a> </li> </ul> <h2 id="see-also">See also</h2> <a href="../../../../../en/sql-reference/statements/create-statements/create-access-policy/#">CREATE ACCESS POLICY</a> /en/sql-reference/functions/management-functions/privileges-and-access-functions/get-privileges-description/ Mon, 01 Jan 0001 00:00:00 +0000 /en/sql-reference/functions/management-functions/privileges-and-access-functions/get-privileges-description/ <p>Returns the effective privileges the current user has on an object, including explicit, <a href="../../../../../en/admin/db-users-and-privileges/db-privileges/ownership-and-implicit-privileges/">implicit</a>, <a href="../../../../../en/admin/db-users-and-privileges/db-privileges/inherited-privileges/">inherited</a>, and <a href="../../../../../en/admin/db-users-and-privileges/db-roles/granting-privileges-to-roles/">role-based</a> privileges.</p> <p>Because this meta-function only returns <a href="../../../../../en/admin/db-users-and-privileges/db-privileges/effective-privileges/">effective privileges</a>, GET_PRIVILEGES_DESCRIPTION only returns privileges with fully-satisfied prerequisites. For a list of prerequisites for common operations, see <a href="../../../../../en/admin/db-users-and-privileges/db-privileges/privileges-required-common-db-operations/#">Privileges required for common database operations</a>.</p> <p>For example, a user must have the following privileges to query a table:</p> <ul> <li> <p>Schema: USAGE</p> </li> <li> <p>Table: SELECT</p> </li> </ul> <p>If user Brooke has SELECT privileges on table <code>s1.t1</code> but lacks USAGE privileges on schema <code>s1</code>, Brooke cannot query the table, and GET_PRIVILEGES_DESCRIPTION does not return SELECT as a privilege for the table.</p> <div class="alert admonition note" role="alert"> <h4 class="admonition-head">Note</h4> Inherited privileges are not displayed if privilege inheritance is disabled at the database level with <a href="../../../../../en/sql-reference/config-parameters/security-parameters/">DisableInheritedPrivileges</a>. </div> <p>This is a meta-function. You must call meta-functions in a top-level <a href="../../../../../en/sql-reference/statements/select/#">SELECT</a> statement.</p> <h2 id="behavior-type">Behavior type</h2> <a class="glosslink" href="../../../../../en/glossary/volatile-functions/" title="">Volatile</a> <h2 id="syntax">Syntax</h2> <pre tabindex="0"><code>GET_PRIVILEGES_DESCRIPTION( &#39;<span class="code-variable">type</span>&#39;, &#39;[[<span class="code-variable">database</span>.]<span class="code-variable">schema.</span>]<span class="code-variable">name</span>&#39; ); </code></pre><h2 id="parameters">Parameters</h2> <dl> <dt><em><code>type</code></em></dt> <dd>Specifies an object type, one of the following: <ul> <li> <p><code>database</code></p> </li> <li> <p><code>table</code></p> </li> <li> <p><code>schema</code></p> </li> <li> <p><code>view</code></p> </li> <li> <p><code>sequence</code></p> </li> <li> <p><code>model</code></p> </li> <li> <p><code>library</code></p> </li> <li> <p><code>resource pool</code></p> </li> </ul> </dd> <dt><code>[</code><em><code>database</code></em><code>.]</code><em><code>schema</code></em></dt> <dd>Specifies a database and schema, by default the current database and <code>public</code>, respectively.</dd> <dt><em><code>name</code></em></dt> <dd>Name of the target object</dd> </dl> <h2 id="privileges">Privileges</h2> <p>None</p> <h2 id="examples">Examples</h2> <p>In the following example, user Glenn has set the REPORTER role and wants to check his effective privileges on schema <code>s1</code> and table <code>s1.articles</code>.</p> <ul> <li> <p>Table <code>s1.articles</code> inherits privileges from its schema (<code>s1</code>).</p> </li> <li> <p>The REPORTER role has the following privileges:</p> <ul> <li> <p>SELECT on schema <code>s1</code></p> </li> <li> <p>INSERT WITH GRANT OPTION on table <code>s1.articles</code></p> </li> </ul> </li> <li> <p>User Glenn has the following privileges:</p> <ul> <li> <p>UPDATE and USAGE on schema <code>s1</code>.</p> </li> <li> <p>DELETE on table <code>s1.articles</code>.</p> </li> </ul> </li> </ul> <p>GET_PRIVILEGES_DESCRIPTION returns the following effective privileges for Glenn on schema <code>s1</code>:</p> <pre tabindex="0"><code>=&gt; SELECT GET_PRIVILEGES_DESCRIPTION(&#39;schema&#39;, &#39;s1&#39;); GET_PRIVILEGES_DESCRIPTION -------------------------------- SELECT, UPDATE, USAGE (1 row) </code></pre><p>GET_PRIVILEGES_DESCRIPTION returns the following effective privileges for Glenn on table <code>s1.articles</code>:</p> <pre tabindex="0"><code> =&gt; SELECT GET_PRIVILEGES_DESCRIPTION(&#39;table&#39;, &#39;s1.articles&#39;); GET_PRIVILEGES_DESCRIPTION -------------------------------- INSERT*, SELECT, UPDATE, DELETE (1 row) </code></pre> <h2 id="see-also">See also</h2> <ul> <li> <a href="../../../../../en/admin/db-users-and-privileges/#">Database users and privileges</a> </li> <li> <a href="../../../../../en/admin/db-users-and-privileges/db-roles/#">Database roles</a> </li> <li> <a href="../../../../../en/admin/db-users-and-privileges/db-privileges/granting-and-revoking-privileges/#">Granting and revoking privileges</a> </li> </ul> /en/sql-reference/functions/management-functions/privileges-and-access-functions/has-role/ Mon, 01 Jan 0001 00:00:00 +0000 /en/sql-reference/functions/management-functions/privileges-and-access-functions/has-role/ <p>Checks whether an OpenText™ Analytics Database <a href="../../../../../en/admin/db-users-and-privileges/db-roles/">user role</a> is granted to the specified user or role, and returns true or false.</p> <p>You can also query system tables <a href="../../../../../en/sql-reference/system-tables/v-catalog-schema/roles/#">ROLES</a>, <a href="../../../../../en/sql-reference/system-tables/v-catalog-schema/grants/#">GRANTS</a>, and <a href="../../../../../en/sql-reference/system-tables/v-catalog-schema/users/#">USERS</a> to obtain information on users and their role assignments. For details, see <a href="../../../../../en/admin/db-users-and-privileges/db-roles/viewing-user-roles/#">Viewing user roles</a>.</p> <p>This is a meta-function. You must call meta-functions in a top-level <a href="../../../../../en/sql-reference/statements/select/#">SELECT</a> statement.</p> <h2 id="behavior-type">Behavior type</h2> <a class="glosslink" href="../../../../../en/glossary/stable-functions/" title="See also Immutable (invariant) functions.">Stable</a> <h2 id="syntax">Syntax</h2> <pre tabindex="0"><code>HAS_ROLE( [ &#39;<span class="code-variable">grantee</span>&#39; ,] &#39;<span class="code-variable">verify-role</span>&#39; ); </code></pre><h2 id="parameters">Parameters</h2> <dl> <dt><em><code>grantee</code></em></dt> <dd>Valid only for superusers, specifies the name of a user or role to look up. If this argument is omitted, the function uses the current user name ( <code><a href="../../../../../en/sql-reference/functions/system-information-functions/current-user/#">CURRENT_USER</a></code>). If you specify a role, the database checks whether this role is granted to the role specified in <em><code>verify-role</code></em>. <div class="admonition important" role="alert"> <h4 class="admonition-head">Important</h4> If a non-superuser supplies this argument, the database returns an error. </div></dd> <dt><em><code>verify-role</code></em></dt> <dd>Name of the role to verify for <em><code>grantee</code></em>.</dd> </dl> <h2 id="privileges">Privileges</h2> <p>None</p> <h2 id="examples">Examples</h2> <p>In the following example, a <code>dbadmin</code> user checks whether user <code>MikeL</code> is assigned the <code>admnistrator</code> role:</p> <pre tabindex="0"><code>=&gt; \c You are now connected as user &#34;dbadmin&#34;. =&gt; SELECT HAS_ROLE(&#39;MikeL&#39;, &#39;administrator&#39;); HAS_ROLE ---------- t (1 row) </code></pre><p>User <code>MikeL</code> checks whether he has the <code>regional_manager</code> role:</p> <pre tabindex="0"><code>=&gt; \c - MikeL You are now connected as user &#34;MikeL&#34;. =&gt; SELECT HAS_ROLE(&#39;regional_manager&#39;); HAS_ROLE ---------- f (1 row) </code></pre><p>The dbadmin grants the <code>regional_manager</code> role to the <code>administrator</code> role. On checking again, <code>MikeL</code> verifies that he now has the <code>regional_manager</code> role:</p> <pre tabindex="0"><code>dbadmin=&gt; \c You are now connected as user &#34;dbadmin&#34;. dbadmin=&gt; GRANT regional_manager to administrator; GRANT ROLE dbadmin=&gt; \c - MikeL You are now connected as user &#34;MikeL&#34;. dbadmin=&gt; SELECT HAS_ROLE(&#39;regional_manager&#39;); HAS_ROLE ---------- t (1 row) </code></pre> <h2 id="see-also">See also</h2> <ul> <li> <a href="../../../../../en/sql-reference/system-tables/v-catalog-schema/grants/#">GRANTS</a> </li> <li> <a href="../../../../../en/sql-reference/system-tables/v-catalog-schema/roles/#">ROLES</a> </li> <li> <a href="../../../../../en/sql-reference/system-tables/v-catalog-schema/users/#">USERS</a> </li> <li> <a href="../../../../../en/admin/db-users-and-privileges/#">Database users and privileges</a> </li> </ul> /en/sql-reference/functions/management-functions/privileges-and-access-functions/release-system-tables-access/ Mon, 01 Jan 0001 00:00:00 +0000 /en/sql-reference/functions/management-functions/privileges-and-access-functions/release-system-tables-access/ <p>Allows <a href="../../../../../en/admin/db-users-and-privileges/db-roles/predefined-db-roles/public/">non-superusers</a> to access all non-<a href="../../../../../en/sql-reference/system-tables/v-catalog-schema/system-tables/">SUPERUSER_ONLY</a> system tables. After you call this function, OpenText™ Analytics Database ignores the IS_ACCESSIBLE_DURING_LOCKDOWN setting in table <a href="../../../../../en/sql-reference/system-tables/v-catalog-schema/system-tables/#">SYSTEM_TABLES</a>. To restrict non-superusers access to system tables, call <a href="../../../../../en/sql-reference/functions/management-functions/privileges-and-access-functions/restrict-system-tables-access/#">RESTRICT_SYSTEM_TABLES_ACCESS</a>.</p> <p>By default, the database behaves as though RELEASE_SYSTEM_TABLES_ACCESS() was called. That is, non-superusers have access to all non-SUPERUSER_ONLY system tables.</p> <p>This is a meta-function. You must call meta-functions in a top-level <a href="../../../../../en/sql-reference/statements/select/#">SELECT</a> statement.</p> <h2 id="behavior-type">Behavior type</h2> <a class="glosslink" href="../../../../../en/glossary/volatile-functions/" title="">Volatile</a> <h2 id="syntax">Syntax</h2> <pre tabindex="0"><code>RELEASE_SYSTEM_TABLES_ACCESS() </code></pre><h2 id="privileges">Privileges</h2> <p>Superuser</p> <h2 id="examples">Examples</h2> <p>By default, non-superuser Alice has access to <code>client_auth</code> and <code>disk_storage</code>. She also has access to <code>replication_status</code> because she was <a href="../../../../../en/sql-reference/statements/grant-statements/grant-table/">granted</a> the privilege by the dbadmin:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sql" data-lang="sql"><span class="line"><span class="cl"><span class="o">=&gt;</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="k">table_name</span><span class="p">,</span><span class="w"> </span><span class="n">is_superuser_only</span><span class="p">,</span><span class="w"> </span><span class="n">is_accessible_during_lockdown</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">system_tables</span><span class="w"> </span><span class="k">WHERE</span><span class="w"> </span><span class="k">table_name</span><span class="o">=</span><span class="s1">&#39;disk_storage&#39;</span><span class="w"> </span><span class="k">OR</span><span class="w"> </span><span class="k">table_name</span><span class="o">=</span><span class="s1">&#39;database_backups&#39;</span><span class="w"> </span><span class="k">OR</span><span class="w"> </span><span class="k">table_name</span><span class="o">=</span><span class="s1">&#39;replication_status&#39;</span><span class="w"> </span><span class="k">OR</span><span class="w"> </span><span class="k">table_name</span><span class="o">=</span><span class="s1">&#39;client_auth&#39;</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">table_name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">is_superuser_only</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">is_accessible_during_lockdown</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c1">--------------------+-------------------+------------------------------- </span></span></span><span class="line"><span class="cl"><span class="c1"></span><span class="w"> </span><span class="n">client_auth</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">f</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">t</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">disk_storage</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">f</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">f</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">database_backups</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">t</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">f</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">replication_status</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">t</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">t</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(</span><span class="mi">4</span><span class="w"> </span><span class="k">rows</span><span class="p">)</span><span class="w"> </span></span></span></code></pre></div><p>The dbadmin calls <a href="../../../../../en/sql-reference/functions/management-functions/privileges-and-access-functions/restrict-system-tables-access/#">RESTRICT_SYSTEM_TABLES_ACCESS</a>:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sql" data-lang="sql"><span class="line"><span class="cl"><span class="o">=&gt;</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="n">RESTRICT_SYSTEM_TABLES_ACCESS</span><span class="p">();</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">RESTRICT_SYSTEM_TABLES_ACCESS</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c1">---------------------------------------------------------------------------- </span></span></span><span class="line"><span class="cl"><span class="c1"></span><span class="w"> </span><span class="n">Dropped</span><span class="w"> </span><span class="n">grants</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="k">public</span><span class="w"> </span><span class="k">on</span><span class="w"> </span><span class="n">non</span><span class="o">-</span><span class="n">accessible</span><span class="w"> </span><span class="n">during</span><span class="w"> </span><span class="n">lockdown</span><span class="w"> </span><span class="k">system</span><span class="w"> </span><span class="n">tables</span><span class="p">.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(</span><span class="mi">1</span><span class="w"> </span><span class="k">row</span><span class="p">)</span><span class="w"> </span></span></span></code></pre></div><p>Alice loses access to <code>disk_storage</code>, but she retains access to <code>client_auth</code> and <code>replication_status</code> because their IS_ACCESSIBLE_DURING_LOCKDOWN fields are true:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sql" data-lang="sql"><span class="line"><span class="cl"><span class="o">=&gt;</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="n">storage_status</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">disk_storage</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="n">ERROR</span><span class="w"> </span><span class="mi">4367</span><span class="p">:</span><span class="w"> </span><span class="n">Permission</span><span class="w"> </span><span class="n">denied</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">relation</span><span class="w"> </span><span class="n">disk_storage</span><span class="w"> </span></span></span></code></pre></div><p>The dbadmin calls RELEASE_SYSTEM_TABLES_ACCESS(), restoring Alice's access to <code>disk_storage</code>:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sql" data-lang="sql"><span class="line"><span class="cl"><span class="o">=&gt;</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="n">RELEASE_SYSTEM_TABLES_ACCESS</span><span class="p">();</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">RELEASE_SYSTEM_TABLES_ACCESS</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c1">-------------------------------------------------------- </span></span></span><span class="line"><span class="cl"><span class="c1"></span><span class="w"> </span><span class="k">Granted</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="k">privileges</span><span class="w"> </span><span class="k">on</span><span class="w"> </span><span class="k">system</span><span class="w"> </span><span class="n">tables</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="k">public</span><span class="p">.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(</span><span class="mi">1</span><span class="w"> </span><span class="k">row</span><span class="p">)</span><span class="w"> </span></span></span></code></pre></div> /en/sql-reference/functions/management-functions/privileges-and-access-functions/restrict-system-tables-access/ Mon, 01 Jan 0001 00:00:00 +0000 /en/sql-reference/functions/management-functions/privileges-and-access-functions/restrict-system-tables-access/ <p>Prevents <a href="../../../../../en/admin/db-users-and-privileges/db-roles/predefined-db-roles/public/">non-superusers</a> from accessing tables that have the <a href="../../../../../en/sql-reference/system-tables/v-catalog-schema/system-tables/">IS_ACCESSIBLE_DURING_LOCKDOWN</a> flag set to false.</p> <p>To enable non-superuser access to system tables restricted by this function, call <a href="../../../../../en/sql-reference/functions/management-functions/privileges-and-access-functions/release-system-tables-access/#">RELEASE_SYSTEM_TABLES_ACCESS</a>.</p> <p>This is a meta-function. You must call meta-functions in a top-level <a href="../../../../../en/sql-reference/statements/select/#">SELECT</a> statement.</p> <h2 id="behavior-type">Behavior type</h2> <a class="glosslink" href="../../../../../en/glossary/volatile-functions/" title="">Volatile</a> <h2 id="syntax">Syntax</h2> <pre tabindex="0"><code>RESTRICT_SYSTEM_TABLES_ACCESS() </code></pre><h2 id="privileges">Privileges</h2> <p>Superuser</p> <h2 id="examples">Examples</h2> <p>By default, <code>client_auth</code> and <code>disk_storage</code> tables are accessible to all users, but only the former is accessible after RESTRICT_SYSTEM_TABLES_ACCESS() is called. Non-superusers never have access to <code>database_backups</code> and <code>replication_status</code> unless explicitly <a href="../../../../../en/sql-reference/statements/grant-statements/grant-table/">granted</a> the privilege by the dbadmin:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sql" data-lang="sql"><span class="line"><span class="cl"><span class="o">=&gt;</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="k">table_name</span><span class="p">,</span><span class="w"> </span><span class="n">is_superuser_only</span><span class="p">,</span><span class="w"> </span><span class="n">is_accessible_during_lockdown</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">system_tables</span><span class="w"> </span><span class="k">WHERE</span><span class="w"> </span><span class="k">table_name</span><span class="o">=</span><span class="s1">&#39;disk_storage&#39;</span><span class="w"> </span><span class="k">OR</span><span class="w"> </span><span class="k">table_name</span><span class="o">=</span><span class="s1">&#39;database_backups&#39;</span><span class="w"> </span><span class="k">OR</span><span class="w"> </span><span class="k">table_name</span><span class="o">=</span><span class="s1">&#39;replication_status&#39;</span><span class="w"> </span><span class="k">OR</span><span class="w"> </span><span class="k">table_name</span><span class="o">=</span><span class="s1">&#39;client_auth&#39;</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="k">table_name</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">is_superuser_only</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">is_accessible_during_lockdown</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c1">--------------------+-------------------+------------------------------- </span></span></span><span class="line"><span class="cl"><span class="c1"></span><span class="w"> </span><span class="n">client_auth</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">f</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">t</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">disk_storage</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">f</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">f</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">database_backups</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">t</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">f</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">replication_status</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">t</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">t</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(</span><span class="mi">4</span><span class="w"> </span><span class="k">rows</span><span class="p">)</span><span class="w"> </span></span></span></code></pre></div><p>The dbadmin then calls RESTRICT_SYSTEM_TABLES_ACCESS():</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sql" data-lang="sql"><span class="line"><span class="cl"><span class="o">=&gt;</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="n">RESTRICT_SYSTEM_TABLES_ACCESS</span><span class="p">();</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">RESTRICT_SYSTEM_TABLES_ACCESS</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c1">---------------------------------------------------------------------------- </span></span></span><span class="line"><span class="cl"><span class="c1"></span><span class="w"> </span><span class="n">Dropped</span><span class="w"> </span><span class="n">grants</span><span class="w"> </span><span class="k">to</span><span class="w"> </span><span class="k">public</span><span class="w"> </span><span class="k">on</span><span class="w"> </span><span class="n">non</span><span class="o">-</span><span class="n">accessible</span><span class="w"> </span><span class="n">during</span><span class="w"> </span><span class="n">lockdown</span><span class="w"> </span><span class="k">system</span><span class="w"> </span><span class="n">tables</span><span class="p">.</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(</span><span class="mi">1</span><span class="w"> </span><span class="k">row</span><span class="p">)</span><span class="w"> </span></span></span></code></pre></div><p>Bob loses access to <code>disk_storage</code>, but retains access to <code>client_auth</code> because its IS_ACCESSIBLE_DURING_LOCKDOWN field is true:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sql" data-lang="sql"><span class="line"><span class="cl"><span class="o">=&gt;</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="n">storage_status</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">disk_storage</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="n">ERROR</span><span class="w"> </span><span class="mi">4367</span><span class="p">:</span><span class="w"> </span><span class="n">Permission</span><span class="w"> </span><span class="n">denied</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">relation</span><span class="w"> </span><span class="n">disk_storage</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="o">=&gt;</span><span class="w"> </span><span class="k">SELECT</span><span class="w"> </span><span class="n">auth_oid</span><span class="w"> </span><span class="k">FROM</span><span class="w"> </span><span class="n">client_auth</span><span class="p">;</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="n">auth_oid</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="c1">------------------- </span></span></span><span class="line"><span class="cl"><span class="c1"></span><span class="w"> </span><span class="mi">45035996273705106</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="mi">45035996273705110</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="mi">45035996273705114</span><span class="w"> </span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="p">(</span><span class="mi">3</span><span class="w"> </span><span class="k">rows</span><span class="p">)</span><span class="w"> </span></span></span></code></pre></div>