CREATE NETWORK POLICY
CREATE NETWORK POLICY creates a network policy that restricts access to a
Materialize region using IP-based rules. Network policies are part of
Materialize’s framework for access control.
Syntax
network_policy_rule
Field |
Value | Description |
|---|---|---|
| name | text |
A name for the network policy. |
RULES |
text[] |
A comma-separated list of network policy rules. |
Network policy rule options
Field |
Value | Description |
|---|---|---|
| name | text |
A name for the network policy rule. |
ACTION |
text |
The action to take for this rule. ALLOW is the only valid option. |
DIRECTION |
text |
The direction of traffic the rule applies to. INGRESS is the only valid option. |
ADDRESS |
text |
The Classless Inter-Domain Routing (CIDR) block the rule will be applied to. |
Details
Pre-installed network policy
When you enable a Materialize region, a default network policy named default
will be pre-installed. This policy has a wide open ingress rule allow 0.0.0.0/0. You can modify or drop this network policy at any time.
NOTE: The default value for the
network_policy session parameter is default.
Before dropping the default network policy, a superuser (i.e. Organization Admin) must run ALTER SYSTEM SET network_policy to
change the default value.
Privileges
The privileges required to execute this statement are:
CREATENETWORKPOLICYprivileges on the system.
Examples
CREATE NETWORK POLICY office_access_policy (
RULES (
new_york (action='allow', direction='ingress',address='1.2.3.4/28'),
minnesota (action='allow',direction='ingress',address='2.3.4.5/32')
)
);
ALTER SYSTEM SET network_policy = office_access_policy;