10.15 Release Notes (Preview)¶
Attention
Content on this page is available in advance of the completion of the 10.15 release, which is currently either pending or in progress and is scheduled for completion on May 5 (subject to change).
Features, updates, or behavior changes described on this page might not be available in your accounts until the release is complete.
For updates to these release notes, see Release notes change log.
Security updates¶
Programmatic access tokens: role restrictions and blocked roles¶
Authentication policies for programmatic access tokens now support two new capabilities: requiring role restrictions for person users, and blocking specific roles from being used as token restrictions.
Previously, role restrictions could only be enforced or lifted for service users. The new PAT_POLICY properties provide finer control:
REQUIRE_ROLE_RESTRICTION_FOR_PERSON_USERS: when set to TRUE, person users (TYPE=PERSON or TYPE=NULL) must specify a role when generating a programmatic access token. The default is FALSE.BLOCKED_ROLES_LIST: prevents specified roles (for example, ACCOUNTADMIN or SYSADMIN) from being used as the role restriction for any programmatic access token. Blocking a role also invalidates existing tokens restricted to that role.
Release notes change log¶
Announcement |
Update |
Date |
|---|---|---|
Release notes |
Initial publication (preview) |
Apr 24, 2026 |