SHOW USER PROGRAMMATIC ACCESS TOKENS

Lists the programmatic access tokens associated with a user.

Note

The list includes programmatic access tokens that have expired within the past 30 days. To view information about tokens that have expired more than 30 days ago, query the CREDENTIALS view.

See also:

ALTER USER … ADD PROGRAMMATIC ACCESS TOKEN (PAT) , ALTER USER … MODIFY PROGRAMMATIC ACCESS TOKEN (PAT) , ALTER USER … ROTATE PROGRAMMATIC ACCESS TOKEN (PAT) , ALTER USER … REMOVE PROGRAMMATIC ACCESS TOKEN (PAT)

语法

SHOW USER { PROGRAMMATIC ACCESS TOKENS | PATS } [ FOR USER <username> ]

您可以使用关键字 PATS 作为指定关键字 PROGRAMMATIC ACCESS TOKENS 的简便方法。

参数

FOR USER username

列出指定用户的编程访问令牌。

默认值:列出当前用户的编程访问令牌。

输出

The output of the command includes the following columns, which describe the properties and metadata of the object:

命令输出包括以下各列,这些列提供了每个编程访问令牌的属性和元数据:

ColumnDescription
nameThe name of the programmatic access token.
user_name

与编程访问令牌关联的用户名。

If the user associated with the programmatic access token was removed from the account, then Snowflake returns the user ID instead of the username. You can find information about a removed user by using the USERS view in the ACCOUNT_USAGE schema.

role_restrictionThe name of the role that the programmatic access token inherits privileges from.
expires_atThe timestamp when the programmatic access token expires.
status

编程访问令牌的状态。此列可以是以下值之一:

  • ACTIVE: The programmatic access token can be used to authenticate and has not expired yet.
  • EXPIRED: The programmatic access token cannot be used to authenticate because the expiration date has passed.
  • DISABLED: The programmatic access token is disabled because user login access is disabled or the user is locked out of logging in.
commentA user-provided comment about the programmatic access token.
created_onThe date when the programmatic access token was created.
created_byThe username or user ID of the user who created the programmatic access token.
mins_to_bypass_required_network_policy

The number of minutes during which a user can use this token to access Snowflake without being subject to an active network policy.

访问控制要求

A role used to execute this operation must have the following privileges at a minimum:

权限对象备注
MODIFY用户仅在为除您自己或服务用户之外的人类用户显示编程访问令牌时需要。

For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.

For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.

使用说明

  • 该命令列出给定用户的所有编程访问令牌,而不是账户的所有编程访问令牌。
  • 编程访问令牌密钥在创建后永远不会返回。
  • 七天后,过期的编程访问令牌将被删除,不再出现在命令的输出中。

示例

Show information about programmatic access tokens associated with the user example_user:

SHOW USER PROGRAMMATIC ACCESS TOKENS FOR USER example_user;