LOAD 'pg_diffix'; -- Mark, unmark objects, show their labels CALL diffix.mark_role('diffix_test', 'direct'); SELECT * FROM diffix.show_labels() WHERE objname IN ('diffix_test', 'public.test_products'); objtype | objname | label ---------+----------------------+-------- table | public.test_products | public role | diffix_test | direct (2 rows) CALL diffix.unmark_table('public.test_products'); CALL diffix.unmark_role('diffix_test'); SELECT * FROM diffix.show_labels() WHERE objname IN ('diffix_test', 'public.test_products'); objtype | objname | label ---------+---------+------- (0 rows) CALL diffix.mark_role('diffix_test', 'anonymized_trusted'); CALL diffix.mark_public('public.test_products'); SELECT * FROM diffix.show_labels() WHERE objname IN ('diffix_test', 'public.test_products'); objtype | objname | label ---------+----------------------+-------------------- table | public.test_products | public role | diffix_test | anonymized_trusted (2 rows) -- Strict checking of anonymization parameters SET pg_diffix.strict = false; SET pg_diffix.top_count_max = 0; ERROR: 0 is outside the valid range for parameter "pg_diffix.top_count_max" (1 .. 1000) SET pg_diffix.top_count_max = 3; SET pg_diffix.strict = true; NOTICE: [PG_DIFFIX] Current values of anonymization parameters do not conform to strict mode. ERROR: invalid value for parameter "pg_diffix.strict": 1 SET pg_diffix.top_count_max = 4; SET pg_diffix.strict = true; SET pg_diffix.top_count_max = 3; NOTICE: [PG_DIFFIX] Bounds must differ by at least 1. Set other bound to make it valid. SET pg_diffix.top_count_max = 4; -- Reject unsupported column types during AID labeling SECURITY LABEL FOR pg_diffix ON COLUMN test_customers.discount IS 'aid'; ERROR: [PG_DIFFIX] AID label can not be set on target column because the type is unsupported -- Restriction on users with access level below `direct` SET ROLE diffix_test; SET pg_diffix.session_access_level = 'anonymized_trusted'; -- Non-superuser allowed settings SET pg_diffix.text_label_for_suppress_bin = '*'; -- Non-superuser restricted settings SET pg_diffix.salt = ''; ERROR: permission denied to set parameter "pg_diffix.salt" CALL diffix.mark_public('public.test_customers'); ERROR: [PG_DIFFIX] Statement requires direct access level. SET pg_diffix.noise_layer_sd = 0.0; ERROR: permission denied to set parameter "pg_diffix.noise_layer_sd"