addFunctionView
Syntax
addFunctionView(udf|moduleName)
Arguments
udf is either a user-defined function or a tuple containing multiple user-defined functions.
moduleName is a STRING scalar indicating a module name.
Note:
- Anonymous functions are not supported.
- A user-defined function can only take scalars, pairs or regular vectors as default parameters.
- The module specified bymoduleName must be placed in the modules directory of the current node.
- When module files have both .dos and .dom versions, .dos is loaded first.
- When a module is loaded with
use <moduleName>
on the current node, and functions under a namespace with the same name are added as function views, the loaded module takes precedence if the function definitions are different.
Details
Function view provides a flexible way to control user access to databases and tables. A function view is a user-defined function that encapsulates statements that access databases. Even if a user does not have the privilege to read the data of a database, the user can execute the function view to obtain the desired calculation result.
Specify user defined functions that can be executed by certain users although these users may not have TABLE_READ access to the datasets that these functions operate on. For example, a user who cannot see individual patient names or ages may nevertheless calculate the number of patients and the average age of patients.
The specified user defined functions can be used as the value of the parameter objs if the parameter accessType is set to VIEW_EXEC in command grant, deny or revoke.
Unlike other user-defined functions that are session isolated, the function view can be shared between sessions. The definition of the function view is persisted to the controller node, so if the DolphinDB cluster is restarted, the previously defined function view can still be used.
addFunctionView
can only be executed by administrators or users with
VIEW_OWNER permission.
Examples
In the following example, the user-defined function getSpread
calculates the average bid-ask spread for a specified stock in the table
dfs://TAQ/quotes. A user (user1) does not have the
privilege to read table dfs://TAQ/quotes. Now define function
getSpread
to be a function view, and grant user1 the privilege
to execute the function view. Although user1 cannot read the raw data of table
dfs://TAQ/quotes, now she can execute the function view to
calculate the average bid-ask spread of any stock in the table.
Please note that as table dfs://TAQ/quotes is a distributed
database, the following script needs to be executed by a system administrator. User1
can execute function getSpread
on any data node/compute node.
def getSpread(s, d){
return select avg((ofr-bid)/(ofr+bid)*2) as spread from loadTable("dfs://TAQ","quotes") where symbol=s, date=d
}
addFunctionView(getSpread)
// grant privileges on a controller
grant("user1", VIEW_EXEC, "getSpread")
A module test.dos which defines functions f1
and
f2
is placed under the modules directory:
addFunctionView("test")
// Grant user1 the execution privilege of f1
grant("user1", VIEW_EXEC, "test::f1")
// Grant user1 the execution privilege of all functions under test
grant(`user1, VIEW_EXEC, "test::*")
// A granted user can use the fully qualified name to call a function
test::f1()
Related functions: dropFunctionView