CREATE NETWORK POLICY
CREATE NETWORK POLICY creates a network policy that restricts access to a Materialize region using IP-based rules. Network policies are part of Materialize’s framework for access control.
Syntax
network_policy_rule
Field | Value | Description |
---|---|---|
name | text | A name for the network policy. |
RULES | text[] | A comma-separated list of network policy rules. |
Network policy rule options
Field | Value | Description |
---|---|---|
name | text | A name for the network policy rule. |
ACTION | text | The action to take for this rule. ALLOW is the only valid option. |
DIRECTION | text | The direction of traffic the rule applies to. INGRESS is the only valid option. |
ADDRESS | text | The Classless Inter-Domain Routing (CIDR) block the rule will be applied to. |
Details
Pre-installed network policy
When you enable a Materialize region, a default network policy named default will be pre-installed. This policy has a wide open ingress rule allow 0.0.0.0/0. You can modify or drop this network policy at any time.
NOTE: The default value for the network_policy session parameter is default. Before dropping the default network policy, a superuser (i.e. Organization Admin) must run ALTER SYSTEM SET network_policy to change the default value.
Privileges
The privileges required to execute this statement are:
CREATENETWORKPOLICY privileges on the system.
Examples
CREATE NETWORK POLICY office_access_policy (
  RULES (
    new_york (action='allow', direction='ingress', address='1.2.3.4/28'),
    minnesota (action='allow', direction='ingress', address='2.3.4.5/32')
  )
);
ALTER SYSTEM SET network_policy = office_access_policy;
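An added example, not part of the Materialize documentation: a Python check to run over a rule set before applying it. It validates each rule's options, reports the range a CIDR block actually covers, flags a wide open rule such as the pre-installed 0.0.0.0/0, and lists which rules admit a given client IP. The dict layout, the function names and the rule name "open" are assumptions; reading 1.2.3.4/28 as the enclosing 1.2.3.0/28 block is Python's non-strict parsing, not documented Materialize behavior.

```python
import ipaddress

# Rules from the page's office_access_policy example, plus the pre-installed
# default policy's open rule (the rule name "open" is a constructed label).
OFFICE_RULES = {
    "new_york": {"action": "allow", "direction": "ingress", "address": "1.2.3.4/28"},
    "minnesota": {"action": "allow", "direction": "ingress", "address": "2.3.4.5/32"},
}
DEFAULT_RULES = {
    "open": {"action": "allow", "direction": "ingress", "address": "0.0.0.0/0"},
}


def lint_rules(rules):
    """Return (networks, findings) for a dict of network policy rules."""
    networks, findings = {}, []
    for name, rule in rules.items():
        if rule["action"].lower() != "allow":
            findings.append(f"{name}: ACTION must be ALLOW")
        if rule["direction"].lower() != "ingress":
            findings.append(f"{name}: DIRECTION must be INGRESS")
        # strict=False masks off host bits, so 1.2.3.4/28 becomes 1.2.3.0/28.
        # Assumption: the rule is meant to cover that whole enclosing block.
        net = ipaddress.ip_network(rule["address"], strict=False)
        if str(net) != rule["address"]:
            findings.append(f"{name}: {rule['address']} has host bits set, covers {net}")
        if net.prefixlen == 0:
            findings.append(f"{name}: {net} admits every source address")
        networks[name] = net
    return networks, findings


def matching_rules(rules, client_ip):
    """Names of rules whose CIDR block contains client_ip (empty list = none)."""
    networks, _ = lint_rules(rules)
    ip = ipaddress.ip_address(client_ip)
    return [name for name, net in networks.items() if ip in net]


if __name__ == "__main__":
    for label, rules in (("office_access_policy", OFFICE_RULES), ("default", DEFAULT_RULES)):
        print(label, lint_rules(rules)[1])
    for ip in ("1.2.3.15", "1.2.3.16", "2.3.4.5", "203.0.113.7"):
        print(ip, matching_rules(OFFICE_RULES, ip) or "no matching rule")
```

Including your own current egress IP in the addresses checked shows whether the session that switches network_policy would still match a rule afterwards.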