ALTER PACKAGES POLICY

Modifies the properties for an existing packages policy.

在下一个使用包策略的 SQL 查询运行时,对包策略属性所做的任何更改才会生效。

语法

ALTER PACKAGES POLICY [ IF EXISTS ] <name> SET
  [ ALLOWLIST = ( [ '<packageSpec>' ] [ , '<packageSpec>' ... ] ) ]
  [ BLOCKLIST = ( [ '<packageSpec>' ] [ , '<packageSpec>' ... ] ) ]
  [ ADDITIONAL_CREATION_BLOCKLIST = ( [ '<packageSpec>' ] [ , '<packageSpec>' ... ] ) ]
  [ COMMENT = '<string_literal>' ]

ALTER PACKAGES POLICY [ IF EXISTS ] <name> UNSET
  [ ALLOWLIST ]
  [ BLOCKLIST ]
  [ ADDITIONAL_CREATION_BLOCKLIST ]
  [ COMMENT ]

参数

name

指定要更改的包策略的标识符。如果标识符包含空格或特殊字符,则整个字符串必须放在双引号内。放在双引号内的标识符也区分大小写。

For more details, see Identifier requirements.

SET ...

指定要为包策略设置的一个或多个属性。

ALLOWLIST = ( [ 'packageSpec' ] [ , 'packageSpec' ... ] )

指定允许的包规范列表。

Default: ('*') (i.e. allow all packages).

BLOCKLIST = ( [ 'packageSpec' ] [ , 'packageSpec' ... ] )

指定被阻止的包规范列表。若要取消设置此参数,请指定一个空列表。

Default: () (i.e. do not block any packages).

ADDITIONAL_CREATION_BLOCKLIST = ( [ 'packageSpec' ] [ , 'packageSpec' ... ] )

Specifies a list of package specs that are blocked at creation time. To unset this parameter, specify an empty list. If the ADDITIONAL_CREATION_BLOCKLIST is set, it is appended to the basic BLOCKLIST at the creation time. For temporary UDFs and anonymous stored procedures, the ADDITIONAL_CREATION_BLOCKLIST is appended to the basic BLOCKLIST at both creation and execution time.

Default: () (i.e. do not block any packages).

COMMENT = 'string_literal'

为包策略添加注释或覆盖现有注释。

UNSET ...

指定要为包策略取消设置的一个或多个属性,这会将其重置为默认值:

  • ALLOWLIST
  • BLOCKLIST
  • ADDITIONAL_CREATION_BLOCKLIST
  • COMMENT

You can reset multiple properties with a single ALTER statement; however, each property must be separated by a comma. When resetting a property, specify only the name; specifying a value for the property will return an error.

访问控制要求

A role used to execute this operation must have the following privileges at a minimum:

权限对象备注
OWNERSHIP包策略OWNERSHIP is a special privilege on an object that is automatically granted to the role that created the object, but can also be transferred using the [GRANT OWNERSHIP](/sql-reference/sql/grant-ownership) command to a different role by the owning role (or any role with the MANAGE GRANTS privilege).

Operating on an object in a schema requires at least one privilege on the parent database and at least one privilege on the parent schema.

For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.

For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.

使用说明

  • If you want to update an existing packages policy and need to see the current definition of the policy, call the GET_DDL function or run the DESCRIBE PACKAGES POLICY command.

  • 关于元数据:

    Attention

    Customers should ensure that no personal data (other than for a User object), sensitive data, export-controlled data, or other regulated data is entered as metadata when using the Snowflake service. For more information, see Metadata fields in Snowflake.

示例

以下示例更新了包策略。

ALTER PACKAGES POLICY packages_policy_prod_1 SET ALLOWLIST = ('pandas==1.2.3');