ALTER SECURITY INTEGRATION (External API Authentication)

Modifies the properties of an existing security integration created for External API Authentication.

For information about modifying other types of security integrations (e.g. Snowflake OAuth), see ALTER SECURITY INTEGRATION.

See also:

CREATE SECURITY INTEGRATION (External API Authentication), DESCRIBE INTEGRATION, DROP INTEGRATION, SHOW INTEGRATIONS

Syntax

OAuth: Client credentials

ALTER SECURITY INTEGRATION <name> SET
  [ ENABLED = { TRUE | FALSE } ]
  [ OAUTH_TOKEN_ENDPOINT = '<string_literal>' ]
  [ OAUTH_CLIENT_AUTH_METHOD = { CLIENT_SECRET_BASIC | CLIENT_SECRET_POST } ]
  [ OAUTH_CLIENT_ID = '<string_literal>' ]
  [ OAUTH_CLIENT_SECRET = '<string_literal>' ]
  [ OAUTH_GRANT = 'CLIENT_CREDENTIALS']
  [ OAUTH_ACCESS_TOKEN_VALIDITY = <integer> ]
  [ OAUTH_ALLOWED_SCOPES = ( '<scope_1>' [ , '<scope_2>' ... ] ) ]
  [ COMMENT = '<string_literal>' ]

ALTER [ SECURITY ] INTEGRATION <name> SET TAG <tag_name> = '<tag_value>' [ , <tag_name> = '<tag_value>' ... ]

ALTER [ SECURITY ] INTEGRATION <name> UNSET TAG <tag_name> [ , <tag_name> ... ]

ALTER [ SECURITY ] INTEGRATION [ IF EXISTS ] <name> UNSET {
  ENABLED | [ , ... ]
}

OAuth: Authorization code grant flow

ALTER SECURITY INTEGRATION <name> SET
  [ ENABLED = { TRUE | FALSE } ]
  [ OAUTH_AUTHORIZATION_ENDPOINT = '<string_literal>' ]
  [ OAUTH_TOKEN_ENDPOINT = '<string_literal>' ]
  [ OAUTH_CLIENT_AUTH_METHOD = { CLIENT_SECRET_BASIC | CLIENT_SECRET_POST } ]
  [ OAUTH_CLIENT_ID = '<string_literal>' ]
  [ OAUTH_CLIENT_SECRET = '<string_literal>' ]
  [ OAUTH_GRANT = 'AUTHORIZATION_CODE']
  [ OAUTH_ACCESS_TOKEN_VALIDITY = <integer> ]
  [ OAUTH_REFRESH_TOKEN_VALIDITY = <integer> ]
  [ COMMENT = '<string_literal>' ]

ALTER [ SECURITY ] INTEGRATION <name> SET TAG <tag_name> = '<tag_value>' [ , <tag_name> = '<tag_value>' ... ]

ALTER [ SECURITY ] INTEGRATION <name> UNSET TAG <tag_name> [ , <tag_name> ... ]

ALTER [ SECURITY ] INTEGRATION [ IF EXISTS ] <name> UNSET {
  ENABLED | [ , ... ]
}

OAuth: JWT Bearer Flow

ALTER SECURITY INTEGRATION <name> SET
  [ ENABLED = { TRUE | FALSE } ]
  [ OAUTH_AUTHORIZATION_ENDPOINT = '<string_literal>' ]
  [ OAUTH_TOKEN_ENDPOINT = '<string_literal>' ]
  [ OAUTH_CLIENT_AUTH_METHOD = { CLIENT_SECRET_BASIC | CLIENT_SECRET_POST } ]
  [ OAUTH_CLIENT_ID = '<string_literal>' ]
  [ OAUTH_CLIENT_SECRET = '<string_literal>' ]
  [ OAUTH_GRANT = 'JWT_BEARER']
  [ OAUTH_ACCESS_TOKEN_VALIDITY = <integer> ]
  [ OAUTH_REFRESH_TOKEN_VALIDITY = <integer> ]
  [ COMMENT = '<string_literal>' ]

ALTER [ SECURITY ] INTEGRATION <name> SET TAG <tag_name> = '<tag_value>' [ , <tag_name> = '<tag_value>' ... ]

ALTER [ SECURITY ] INTEGRATION <name> UNSET TAG <tag_name> [ , <tag_name> ... ]

ALTER [ SECURITY ] INTEGRATION [ IF EXISTS ] <name> UNSET {
  ENABLED | [ , ... ]
}

Parameters

name

String that specifies the identifier (i.e. name) for the integration.

SET ...

Specifies one or more properties/parameters to set for the integration (separated by blank spaces, commas, or new lines):

ENABLED = { TRUE | FALSE }

Specifies whether this security integration is enabled or disabled.

TRUE

Allows the integration to run based on the parameters specified in the integration definition.

FALSE

Suspends the integration for maintenance. Any integration between Snowflake and a third-party service fails to work.

OAUTH_AUTHORIZATION_ENDPOINT = 'string_literal'

Specifies the URL for authenticating to the external service. For example, to connect to a ServiceNow instance, the URL should be in the following format:

https://<instance_name>.service-now.com/oauth_token.do

Where instance_name is the name of your ServiceNow instance.

OAUTH_TOKEN_ENDPOINT = 'string_literal'

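Specifies the token endpoint used by the client to obtain an access token by presenting its authorization grant or refresh token. The token endpoint is used with every authorization grant except for the implicit grant type (since an access token is issued directly).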

OAUTH_CLIENT_AUTH_METHOD = { CLIENT_SECRET_BASIC | CLIENT_SECRET_POST }

Controls how client credentials are sent to the external service.

CLIENT_SECRET_BASIC

Specifies that client credentials are sent using the HTTP Basic Authentication Scheme.

CLIENT_SECRET_POST

Specifies that client credentials are sent in the HTTP request body of a POST request.

Default: CLIENT_SECRET_BASIC

OAUTH_CLIENT_ID = 'string_literal'

Specifies the client ID for the OAuth application in the external service.

OAUTH_CLIENT_SECRET = 'string_literal'

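Specifies the client secret for the OAuth application in the ServiceNow instance. The connector uses this secret to request an access token from the ServiceNow instance.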

OAUTH_GRANT = 'string_literal'

Specifies the type of OAuth flow. One of the following:

  • 'CLIENT_CREDENTIALS' when the integration will use client credentials.
  • 'AUTHORIZATION_CODE' when the integration will use an authorization code.
  • 'JWT_BEARER' when the integration will use a JWT bearer token.

OAUTH_ACCESS_TOKEN_VALIDITY = integer

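Specifies the default lifetime of the OAuth access token (in seconds) issued by an OAuth server.

The value set in this property is used if the access token lifetime is not returned as part of the OAuth token response. When both values are available, the smaller of the two values is used to refresh the access token.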

OAUTH_REFRESH_TOKEN_VALIDITY = integer

Specifies the value to determine the validity of the refresh token obtained from the OAuth server.

OAUTH_ALLOWED_SCOPES = ( list )

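Specifies a list of scopes, separated by commas with each scope enclosed in single quotes, to use when a role with USAGE on the integration makes a request to the OAuth server during the OAuth client credentials flow.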

This list must be a subset of the scopes defined in the OAUTH_ALLOWED_SCOPES property of the security integration. If the OAUTH_SCOPES property values are not specified, the secret inherits all of the scopes that are specified in the security integration.

For the ServiceNow connector, the only possible scope value is 'useraccount'.

Default: Empty list (i.e. []).

COMMENT = 'string_literal'

Adds a comment or overwrites an existing comment for the integration.

Default: No value

TAG tag_name = 'tag_value' [ , tag_name = 'tag_value' , ... ]

Specifies the tag name and the tag string value.

The tag value is always a string, and the maximum number of characters for the tag value is 256.

For information about specifying tags in a statement, see Tag quotas.

Access control requirements

A role used to execute this operation must have the following privileges at a minimum:

| Privilege | Object | Notes |
|---|---|---|
| OWNERSHIP | Integration | OWNERSHIP is a special privilege on an object that is automatically granted to the role that created the object, but can also be transferred using the [GRANT OWNERSHIP](/sql-reference/sql/grant-ownership) command to a different role by the owning role (or any role with the MANAGE GRANTS privilege). |

For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.

For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.

Usage notes

  • Regarding metadata:

    Attention

    Customers should ensure that no personal data (other than for a User object), sensitive data, export-controlled data, or other regulated data is entered as metadata when using the Snowflake service. For more information, see Metadata fields in Snowflake.

Examples

The following example initiates operation of a suspended integration:

ALTER SECURITY INTEGRATION myint SET ENABLED = TRUE;
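
The following is an added example, not part of the Snowflake documentation, that goes beyond the single statement above: one way to rotate the client secret of a client-credentials integration using only the properties described on this page. The role name integration_owner, the placeholder secret, the validity value and the comment text are assumptions; myint is the integration name used above.

```sql
-- Added example: rotate the OAuth client secret on a client-credentials
-- integration. Names and values other than myint are assumptions.

-- ALTER requires OWNERSHIP on the integration (see Access control requirements).
USE ROLE integration_owner;  -- hypothetical role that owns myint

-- 1. Suspend the integration for maintenance. While ENABLED = FALSE,
--    the integration with the third-party service does not work.
ALTER SECURITY INTEGRATION myint SET ENABLED = FALSE;

-- 2. Install the new secret and pin the related client settings
--    in a single statement.
ALTER SECURITY INTEGRATION myint SET
  OAUTH_CLIENT_SECRET = '<new_client_secret>'     -- placeholder value
  OAUTH_CLIENT_AUTH_METHOD = CLIENT_SECRET_POST   -- credentials sent in the POST body
  OAUTH_ACCESS_TOKEN_VALIDITY = 3600              -- seconds; constructed value
  OAUTH_ALLOWED_SCOPES = ('useraccount')          -- ServiceNow connector scope
  COMMENT = 'client secret rotated';              -- no sensitive data in metadata

-- 3. Resume operation with the new settings.
ALTER SECURITY INTEGRATION myint SET ENABLED = TRUE;

-- 4. Review the resulting property values.
DESCRIBE SECURITY INTEGRATION myint;
```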