ALTER USER … MODIFY PROGRAMMATIC ACCESS TOKEN (PAT)

Changes the name of a programmatic access token or a property of the token.

Note

在使用编程访问令牌进行身份验证的会话中,您无法修改或重命名编程访问令牌。

See also:

ALTER USER … ADD PROGRAMMATIC ACCESS TOKEN (PAT) , ALTER USER … ROTATE PROGRAMMATIC ACCESS TOKEN (PAT) , ALTER USER … REMOVE PROGRAMMATIC ACCESS TOKEN (PAT) , SHOW USER PROGRAMMATIC ACCESS TOKENS

语法

ALTER USER [ IF EXISTS ] [ <username> ] MODIFY { PROGRAMMATIC ACCESS TOKEN | PAT } <token_name>
  RENAME TO <new_token_name>

ALTER USER [ IF EXISTS ] [ <username> ] MODIFY { PROGRAMMATIC ACCESS TOKEN | PAT } <token_name> SET
  [ DISABLED = { TRUE | FALSE } ]
  [ MINS_TO_BYPASS_NETWORK_POLICY_REQUIREMENT = <integer> ]
  [ COMMENT = '<string_literal>' ]

ALTER USER [ IF EXISTS ] [ <username> ] MODIFY { PROGRAMMATIC ACCESS TOKEN | PAT } <token_name> UNSET
  [ DISABLED ]
  [ MINS_TO_BYPASS_NETWORK_POLICY_REQUIREMENT ]
  [ COMMENT ]

参数

username

与令牌关联的用户的名称。

If username is omitted, the command modifies the programmatic access token for the user who is currently logged in (the active user of this session).

MODIFY { PROGRAMMATIC ACCESS TOKEN | PAT } token_name

修改具有指定名称的编程访问令牌。

You can use the keyword PAT as a shorter way of specifying the keywords PROGRAMMATIC ACCESS TOKEN.

RENAME TO new_token_name

为编程访问令牌指定新名称。

SET ...

指定要为编程访问令牌设置的一个(或多个)属性(用空格、逗号或新行分隔):

DISABLED = { TRUE | FALSE }

禁用或启用编程访问令牌。

如果用户被禁用或 Snowflake 锁定用户,则与该用户相关联的编程令牌将自动禁用。如果该用户随后被启用或 Snowflake 解锁该用户,编程访问令牌也仍然保持禁用状态。要再次启用令牌,请将 DISABLED 设置为 FALSE。

For information, see Re-enabling a disabled programmatic access token.

MINS_TO_BYPASS_NETWORK_POLICY_REQUIREMENT = integer

The number of minutes during which a user can use this token to access Snowflake without being subject to an active network policy.

You can set this for a token for a person (if the USER object has TYPE=PERSON) if that person is not subject to a network policy but needs to use a programmatic access token for authentication. See Network policy requirements.

Note

Setting MINS_TO_BYPASS_NETWORK_POLICY_REQUIREMENT does not allow users to bypass the network policy itself.

You can set this to a value in the range of 1 to 1440 (1 day).

Default: 0

COMMENT = 'string_literal'

Descriptive comment about the programmatic access token. This comment is displayed in the list of programmatic access tokens in Snowsight.

UNSET ...

取消为编程访问令牌设置的一个或多个指定属性或参数,并将这些属性重置为其默认值:

  • DISABLED
  • MINS_TO_BYPASS_NETWORK_POLICY_REQUIREMENT
  • COMMENT

To unset multiple properties or parameters with a single ALTER statement, separate each property or parameter with a comma.

When unsetting a property or parameter, specify only the property or parameter name (unless the syntax above indicates that you should specify the value). Specifying the value returns an error.

访问控制要求

A role used to execute this operation must have the following privileges at a minimum:

权限对象备注
MODIFY PROGRAMMATIC AUTHENTICATION METHODS用户仅在为除您自己或服务用户之外的人类用户修改编程访问令牌时需要。

For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.

For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.

使用说明

在使用编程访问令牌进行身份验证的会话中,您无法修改或重命名编程访问令牌。

示例

Change the name of a programmatic access token associated with the user example_user:

ALTER USER IF EXISTS example_user MODIFY PROGRAMMATIC ACCESS TOKEN old_token_name
  RENAME TO new_token_name;

更改与编程访问令牌相关的评论:

ALTER USER IF EXISTS example_user MODIFY PROGRAMMATIC ACCESS TOKEN token_name
  SET COMMENT = 'my new comment';