4
4
=========================
6
6
:program:`regex_policy` is an :doc:`/administration/authorization` plugin
7
that uses regex patterns to match policies.
7
that uses regex patterns to match policies. When :program:`drizzled` is started with ``--plugin-add=regex_policy``, the regex policy plugin is enabled with the default policy file. Policy file can be specified by either specifying ``--regex-policy.policy=<policy file>`` at the time of server startup or by changing the ``regex_policy_policy`` with ``SET GLOBAL``.
9
9
.. _regex_policy_loading:
64
64
The general line format of a regex policy file is::
66
66
USER_PATTERN SCHEMA_OBJECT_PATTERN POLICY
67
In Drizzle 7 and Drizzle 7.1 the POLICY values supported were 'ACCEPT' and 'DENY'. Beginning with Drizzle 7.2.0, the values used should be 'ALLOW' and 'DENY'. Although 'ACCEPT' and 'REJECT' are also supported for backward compatibility, but their use is deprecated.
70
71
# This is a comment line and should be skipped
71
.+ schema=DATA_DICTIONARY ACCEPT
72
.+ schema=INFORMATION_SCHEMA ACCEPT
73
.+ schema=data_dictionary ACCEPT
74
.+ schema=information_schema ACCEPT
77
root process=.+ ACCEPT
78
user1 schema=user1 ACCEPT
79
user2 schema=user2 ACCEPT
80
user1 process=user1 ACCEPT
81
user2 process=user2 ACCEPT
72
.+ schema=DATA_DICTIONARY ALLOW
73
.+ schema=INFORMATION_SCHEMA ALLOW
74
.+ schema=data_dictionary ALLOW
75
.+ schema=information_schema ALLOW
79
user1 schema=user1 ALLOW
80
user2 schema=user2 ALLOW
81
user1 process=user1 ALLOW
82
user2 process=user2 ALLOW
82
83
# Default to denying everything
87
Changing policy file at runtime
88
-------------------------------
90
Policy file can be reloaded by::
92
SET GLOBAL regex_policy_policy=@@regex_policy_policy
94
Moreover, the policy file can be changed by::
96
SET GLOBAL regex_policy_policy=/path/to/new/policy/file