DESCRIBE PASSWORD POLICY¶
描述有关密码策略的详细信息。
DESCRIBE 可以缩写为 DESC。
- 另请参阅:
语法¶
DESC[RIBE] PASSWORD POLICY <name>
参数¶
name密码策略的标识符;对于您的账户必须是唯一的。
标识符值必须以字母字符开头,且不能包含空格或特殊字符,除非整个标识符字符串放在双引号内(例如
"My object")。放在双引号内的标识符也区分大小写。有关更多详细信息,请参阅 标识符要求。
访问控制要求¶
用于执行此 SQL 命令的 角色 必须至少具有以下 一项 权限:
权限 |
对象 |
备注 |
|---|---|---|
APPLY PASSWORD POLICY |
账户 |
|
OWNERSHIP |
密码策略 |
OWNERSHIP is a special privilege on an object that is automatically granted to the role that created the object, but can also be transferred using the GRANT OWNERSHIP command to a different role by the owning role (or any role with the MANAGE GRANTS privilege). |
The USAGE privilege on the parent database and schema are required to perform operations on any object in a schema. Note that a role granted any privilege on a schema allows that role to resolve the schema. For example, a role granted CREATE privilege on a schema can create objects on that schema without also having USAGE granted on that schema.
有关创建具有指定权限集的自定义角色的说明,请参阅 创建自定义角色。
有关对 安全对象 执行 SQL 操作的相应角色和权限授予的一般信息,请参阅 访问控制概述。
有关密码策略 DDL 和权限的其他详细信息,请参阅 DDL 命令。
使用说明¶
To post-process the output of this command, you can use the pipe operator (
->>) or the RESULT_SCAN function. Both constructs treat the output as a result set that you can query.The output column names for this command are generated in lowercase. If you consume a result set from this command with the pipe operator or the RESULT_SCAN function, use double-quoted identifiers for the column names in the query to ensure that they match the column names in the output that was scanned. For example, if the name of an output column is
type, then specify"type"for the identifier.
示例¶
DESC PASSWORD POLICY password_policy_prod_1;
+-----------------------------------+----------------------------------------+-------------+-----------------------------------------------------------------------------------------------------------------------------------------------+
| property | value | default | description |
+-----------------------------------+----------------------------------------+-------------+-----------------------------------------------------------------------------------------------------------------------------------------------+
| NAME | PASSWORD_POLICY_PROD_1 | null | Name of password policy. |
| OWNER | PROD_ADMIN | null | Owner of password policy. |
| COMMENT | production account password policy | null | user comment associated to an object in the dictionary |
| PASSWORD_MIN_LENGTH | 12 | 8 | Minimum length of new password. |
| PASSWORD_MAX_LENGTH | 24 | 256 | Maximum length of new password. |
| PASSWORD_MIN_UPPER_CASE_CHARS | 2 | 1 | Minimum number of uppercase characters in new password. |
| PASSWORD_MIN_LOWER_CASE_CHARS | 2 | 1 | Minimum number of lowercase characters in new password. |
| PASSWORD_MIN_NUMERIC_CHARS | 2 | 1 | Minimum number of numeric characters in new password. |
| PASSWORD_MIN_SPECIAL_CHARS | 2 | 0 | Minimum number of special characters in new password. |
| PASSWORD_MIN_AGE_DAYS | 1 | 0 | Period after a password is changed during which a password cannot be changed again, in days. |
| PASSWORD_MAX_AGE_DAYS | 30 | 90 | Period after which password must be changed, in days. |
| PASSWORD_MAX_RETRIES | 5 | 5 | Number of attempts users have to enter the correct password before their account is locked. |
| PASSWORD_LOCKOUT_TIME_MINS | 30 | 15 | Period of time for which users will be locked after entering their password incorrectly many times (specified by MAX_RETRIES), in minutes |
| PASSWORD_HISTORY | 5 | 24 | Number of most recent passwords that may not be repeated by the user |
+-----------------------------------+----------------------------------------+-------------+-----------------------------------------------------------------------------------------------------------------------------------------------+