Useful Okera Built-In Functions¶
Built-in functions are useful for privacy and security and can be combined in permissions with Okera's privacy functions for conditional matching. You can include these functions in the permission builder by selecting "Custom SQL" under the "Transformation type" dropdown, or by using a SQL IF statement as part of a row filter/'WHERE' condition.
This page defines the specification for Okera's custom built-in functions.
Summary¶
| Name | Function | Description |
|---|---|---|
| Autotag | autotag() |
Apply the autotagging rules to the given string. Useful for testing autotagging rules |
| Get groups | get_groups() |
Returns the groups of the given user/group |
| Get roles | get_roles() |
Returns the roles of the given user/group |
| Get tags | get_tags() |
Returns the tags associated with a schema registry object |
| Has access | has_access() |
Returns true if the user has access to a specified resource, else returns false |
| Has roles | has_roles() |
Returns true if the user has the specified roles, else returns false |
Autotag¶
STRING autotag(STRING)
Allows to apply the auto-tagging rules to a given string.
Added in Okera 1.6.0.
> SELECT autotag("125.1.10.34")
pii.ipv4
Get Groups¶
STRING get_groups(STRING)
Returns the groups a given user is part of.
Added in Okera 1.6.0.
> SELECT get_groups("analyst")
analyst,mktg_analyst
Get Roles¶
STRING get_roles(STRING)
Returns the roles a given user has access to.
Added in Okera 1.6.0.
> SELECT get_roles("analyst")
mktg_analyst_role,okera_public_role,okera_workspace_role
Get Tags¶
STRING get_tags(STRING)
Returns the tags a given resources (such as a database or dataset) is associated with.
Added in Okera 1.6.0.
> SELECT get_tags("customer.account_address_created");
dog.labradoodle,feline.lion
Has Access¶
BOOLEAN has_access(STRING)
The has_access() function allows performing conditional checks.
It returns true if the current user has access to the given catalog object, otherwise returns false.
Example: Using the has_access() function
SELECT has_access('prod_db') -> 'True' -- If the user has access to all of prod db
SELECT has_access('prod_db.sales_data') -> 'True' -- If the user has access to this table (or view)
-- To query multiple catalog objects:
SELECT has_access('prod_db1,prod_db2') -> 'True' -- If the user has access to both databases.
Has Roles¶
BOOLEAN has_roles(STRING)
The has_roles() function returns true when the current user is granted all of the listed roles, specified as a comma-separated list.
Example: Using the has_roles() function
SELECT has_roles('dev_role');
false -- dev_role is _not_ granted to the current user
SELECT has_roles('sales_role');
true -- sales_role is granted to the current user
SELECT has_roles('sales,role,dev_role');
false -- since dev_role is _not_ granted to the current user