
CREATE NETWORK POLICY

Introduced or updated: v1.2.341

Creates a new network policy in Databend.

Syntax

CREATE [ OR REPLACE ] NETWORK POLICY [ IF NOT EXISTS ] <policy_name>
ALLOWED_IP_LIST = ( 'allowed_ip1', 'allowed_ip2', ... )
[ BLOCKED_IP_LIST = ( 'blocked_ip1', 'blocked_ip2', ...) ]
[ COMMENT = 'comment' ]

| Parameter | Description |
|---|---|
| policy_name | Specifies the name of the network policy to be created. |
| ALLOWED_IP_LIST | Specifies a comma-separated list of allowed IP address ranges for the policy. Users associated with this policy can access the network using the specified IP ranges. |
| BLOCKED_IP_LIST | Specifies a comma-separated list of blocked IP address ranges for the policy. Users associated with this policy can still access the network from ALLOWED_IP_LIST, except for the IPs specified in BLOCKED_IP_LIST, which will be restricted from access. |
| COMMENT | An optional parameter used to add a description or comment for the network policy. |

Examples

This example demonstrates creating a network policy with specified allowed and blocked IP addresses, and then associating this policy with a user to control network access. The network policy allows all IP addresses ranging from 192.168.1.0 to 192.168.1.255, except for the specific IP address 192.168.1.99.

-- Create a network policy
CREATE NETWORK POLICY sample_policy
ALLOWED_IP_LIST=('192.168.1.0/24')
BLOCKED_IP_LIST=('192.168.1.99')
COMMENT='Sample';

SHOW NETWORK POLICIES;

Name         |Allowed Ip List          |Blocked Ip List|Comment    |
-------------+-------------------------+---------------+-----------+
sample_policy|192.168.1.0/24           |192.168.1.99   |Sample     |

-- Create a user
CREATE USER sample_user IDENTIFIED BY 'databend';

-- Associate the network policy with the user
ALTER USER sample_user WITH SET NETWORK POLICY='sample_policy';
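
Before a policy is attached to a user, the allow/block rule described on this page can be modeled offline to catch lockouts and dead entries. The Python below is an added example, not Databend code: the function names and the `must_reach` addresses are constructed for illustration, and it assumes a bare address in either list means a single host.

```python
import ipaddress

def parse(entries):
    """Parse policy entries; a bare address becomes a single-host network."""
    return [ipaddress.ip_network(e) for e in entries]

def is_permitted(client_ip, allowed, blocked):
    """Model of the documented rule: the client must fall inside
    ALLOWED_IP_LIST and outside BLOCKED_IP_LIST (the block list wins)."""
    ip = ipaddress.ip_address(client_ip)
    in_allowed = any(ip in net for net in parse(allowed))
    in_blocked = any(ip in net for net in parse(blocked))
    return in_allowed and not in_blocked

def review_policy(allowed, blocked, must_reach):
    """Return findings to resolve before the policy is attached to a user."""
    findings = []
    allowed_nets, blocked_nets = parse(allowed), parse(blocked)
    for b in blocked_nets:
        # A blocked entry that touches no allowed range has no effect.
        if not any(b.version == a.version and b.overlaps(a) for a in allowed_nets):
            findings.append(f"blocked entry {b} is outside every allowed range")
    for a in allowed_nets:
        # An allowed range fully covered by a blocked range admits nobody.
        if any(a.version == b.version and a.subnet_of(b) for b in blocked_nets):
            findings.append(f"allowed range {a} is fully blocked")
    for ip in must_reach:
        # Clients that must keep access (constructed sample: an admin host).
        if not is_permitted(ip, allowed, blocked):
            findings.append(f"required client {ip} would be locked out")
    return findings

# Lists taken from sample_policy on this page.
ALLOWED = ["192.168.1.0/24"]
BLOCKED = ["192.168.1.99"]

if __name__ == "__main__":
    for ip in ("192.168.1.10", "192.168.1.99", "192.168.2.1"):  # constructed
        print(ip, "permitted" if is_permitted(ip, ALLOWED, BLOCKED) else "denied")
    print(review_policy(ALLOWED, BLOCKED, must_reach=["192.168.1.10"]))
```
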