- Categories:
User & Security DDL (Third-Party Service Integrations)
ALTER SECURITY INTEGRATION¶
Modifies the properties for an existing security integration.
In this Topic:
Syntax¶
ALTER [ SECURITY ] INTEGRATION <name> SET TAG <tag_name> = '<tag_value>' [ , <tag_name> = '<tag_value>' ... ]
ALTER [ SECURITY ] INTEGRATION <name> UNSET TAG <tag_name> [ , <tag_name> ... ]
External OAuth
ALTER [ SECURITY ] INTEGRATION [ IF EXISTS ] <name> SET [ TYPE = EXTERNAL_OAUTH ] [ ENABLED = { TRUE | FALSE } ] [ EXTERNAL_OAUTH_TYPE = { OKTA | AZURE | PING_FEDERATE | CUSTOM } ] [ EXTERNAL_OAUTH_ISSUER = '<string_literal>' ] [ EXTERNAL_OAUTH_TOKEN_USER_MAPPING_CLAIM = '<string_literal>' | ('<string_literal>', '<string_literal>' [ , ... ] ) ] [ EXTERNAL_OAUTH_SNOWFLAKE_USER_MAPPING_ATTRIBUTE = 'LOGIN_NAME | EMAIL_ADDRESS' ] [ EXTERNAL_OAUTH_JWS_KEYS_URL = '<string_literal>' ] -- For OKTA | PING_FEDERATE | CUSTOM [ EXTERNAL_OAUTH_JWS_KEYS_URL = '<string_literal>' | ('<string_literal>' [ , '<string_literal>' ... ] ) ] -- For Azure [ EXTERNAL_OAUTH_RSA_PUBLIC_KEY = <public_key1> ] [ EXTERNAL_OAUTH_RSA_PUBLIC_KEY_2 = <public_key2> ] [ EXTERNAL_OAUTH_BLOCKED_ROLES_LIST = ( '{role_name}' [ , '{role_name}' , ... ] ) ] [ EXTERNAL_OAUTH_ALLOWED_ROLES_LIST = ( '{role_name}' [ , '{role_name}' , ... ] ) ] [ EXTERNAL_OAUTH_AUDIENCE_LIST = ('<string_literal>') ] [ EXTERNAL_OAUTH_ANY_ROLE_MODE = DISABLE | ENABLE | ENABLE_FOR_PRIVILEGE ] [ EXTERNAL_OAUTH_SCOPE_DELIMITER = '<string_literal>' ] -- Only for EXTERNAL_OAUTH_TYPE = CUSTOM ALTER [ SECURITY ] INTEGRATION [ IF EXISTS ] <name> UNSET { ENABLED | EXTERNAL_OAUTH_AUDIENCE_LIST | } [ , ... ]
SAML2
ALTER [ SECURITY ] INTEGRATION [ IF EXISTS ] <name> SET [ TYPE = SAML2 ] [ ENABLED = TRUE | FALSE ] [ SAML2_ISSUER = '<string_literal>' ] [ SAML2_SSO_URL = '<string_literal>' ] [ SAML2_PROVIDER = '<string_literal>' ] [ SAML2_X509_CERT = '<string_literal>' ] [ SAML2_SP_INITIATED_LOGIN_PAGE_LABEL = '<string_literal>' ] [ SAML2_ENABLE_SP_INITIATED = TRUE | FALSE ] [ SAML2_SNOWFLAKE_X509_CERT = '<string_literal>' ] [ SAML2_SIGN_REQUEST = TRUE | FALSE ] [ SAML2_REQUESTED_NAMEID_FORMAT = '<string_literal>' ] [ SAML2_POST_LOGOUT_REDIRECT_URL = '<string_literal>' ] [ SAML2_FORCE_AUTHN = TRUE | FALSE ] [ SAML2_SNOWFLAKE_ISSUER_URL = '<string_literal>' ] [ SAML2_SNOWFLAKE_ACS_URL = '<string_literal>' ] ALTER [ SECURITY ] INTEGRATION [ IF EXISTS ] <name> UNSET { ENABLED | [ , ... ] }
SCIM
ALTER [ SECURITY ] INTEGRATION [ IF EXISTS ] <name> SET [ NETWORK_POLICY = '<network_policy>' ] [ SYNC_PASSWORD = TRUE | FALSE ] [ COMMENT = '<string_literal>' ] ALTER [ SECURITY ] INTEGRATION [ IF EXISTS ] <name> UNSET { NETWORK_POLICY | [ , ... ] }
Snowflake OAuth for Partner applications
ALTER [ SECURITY ] INTEGRATION [ IF EXISTS ] <name> SET [ ENABLED = { TRUE | FALSE } ] [ OAUTH_ISSUE_REFRESH_TOKENS = TRUE | FALSE ] [ OAUTH_REFRESH_TOKEN_VALIDITY = <integer> ] [ OAUTH_USE_SECONDARY_ROLES = IMPLICIT | NONE ] [ BLOCKED_ROLES_LIST = ( '<role_name>' [ , '<role_name>' , ... ] ) ] [ COMMENT = '<string_literal>' ] ALTER [ SECURITY ] INTEGRATION [ IF EXISTS ] <name> UNSET { ENABLED | COMMENT } [ , ... ]
Snowflake OAuth for Custom clients
ALTER [ SECURITY ] INTEGRATION [ IF EXISTS ] <name> SET [ ENABLED = { TRUE | FALSE } ] [ OAUTH_REDIRECT_URI = '<uri>' ] [ OAUTH_ALLOW_NON_TLS_REDIRECT_URI = TRUE | FALSE ] [ OAUTH_ENFORCE_PKCE = TRUE | FALSE ] [ PRE_AUTHORIZED_ROLES_LIST = ( '<role_name>' [ , '<role_name>' , ... ] ) ] [ BLOCKED_ROLES_LIST = ( '<role_name>' [ , '<role_name>' , ... ] ) ] [ OAUTH_ISSUE_REFRESH_TOKENS = TRUE | FALSE ] [ OAUTH_REFRESH_TOKEN_VALIDITY = <integer> ] [ OAUTH_USE_SECONDARY_ROLES = IMPLICIT | NONE ] [ NETWORK_POLICY = '<network_policy>' ] [ OAUTH_CLIENT_RSA_PUBLIC_KEY = <public_key1> ] [ OAUTH_CLIENT_RSA_PUBLIC_KEY_2 = <public_key2> ] [ COMMENT = '{string_literal}' ] ALTER [ SECURITY ] INTEGRATION [ IF EXISTS ] <name> UNSET { ENABLED | NETWORK_POLICY | OAUTH_CLIENT_RSA_PUBLIC_KEY | OAUTH_CLIENT_RSA_PUBLIC_KEY_2 | OAUTH_USE_SECONDARY_ROLES = IMPLICIT | NONE COMMENT } [ , ... ]
Parameters¶
name
Identifier for the integration to alter. If the identifier contains spaces or special characters, the entire string must be enclosed in double quotes. Identifiers enclosed in double quotes are also case-sensitive.
External OAuth Parameters¶
SET ...
Specifies one or more properties/parameters to set for the integration (separated by blank spaces, commas, or new lines):
TYPE = EXTERNAL_OAUTH
Distinguishes the External OAuth integration from a Snowflake OAuth integration.
ENABLED = TRUE | FALSE
Specifies whether to initiate operation of the integration or suspend it.
TRUE
allows the integration to run based on the parameters specified in the pipe definition.FALSE
suspends the integration for maintenance. Any integration between Snowflake and a third-party service fails to work.
EXTERNAL_OAUTH_TYPE = OKTA | AZURE | PING_FEDERATE | CUSTOM
Specifies the OAuth 2.0 authorization server to be Okta, Microsoft Azure AD, Ping Identity PingFederate, or a Custom OAuth 2.0 authorization server.
EXTERNAL_OAUTH_ISSUER = 'string_literal'
Specifies the URL to define the OAuth 2.0 authorization server.
EXTERNAL_OAUTH_TOKEN_USER_MAPPING_CLAIM = 'string_literal' | ('string_literal', 'string_literal' [ , ... ] )
Specifies the access token claim or claims that can be used to map the access token to a Snowflake user record.
The data type of the claim must be a string or a list of strings.
EXTERNAL_OAUTH_SNOWFLAKE_USER_MAPPING_ATTRIBUTE = 'LOGIN_NAME | EMAIL_ADDRESS'
Indicates which Snowflake user record attribute should be used to map the access token to a Snowflake user record.
EXTERNAL_OAUTH_JWS_KEYS_URL = 'string_literal'
Specifies the endpoint from which to download public keys or certificates to validate an External OAuth access token.
This syntax applies to security integrations where
EXTERNAL_OAUTH_TYPE = OKTA | PING_FEDERATE | CUSTOM
EXTERNAL_OAUTH_JWS_KEYS_URL = 'string_literal' | ('string_literal' [ , 'string_literal' ... ] )
Specifies the endpoint or a list of endpoints from which to download public keys or certificates to validate an External OAuth access token. The maximum number of URLs that can be specified in the list is 3.
This syntax applies to security integrations where
EXTERNAL_OAUTH_TYPE = AZURE
EXTERNAL_OAUTH_RSA_PUBLIC_KEY = public_key1
Specifies a Base64-encoded RSA public key, without the
-----BEGIN PUBLIC KEY-----
and-----END PUBLIC KEY-----
headers.EXTERNAL_OAUTH_RSA_PUBLIC_KEY_2 = public_key2
Specifies a second RSA public key, without the
-----BEGIN PUBLIC KEY-----
and-----END PUBLIC KEY-----
headers. Used for key rotation.EXTERNAL_OAUTH_BLOCKED_ROLES_LIST = ( 'role_name' [ , 'role_name' , ... ] )
Specifies the list of roles that a client cannot set as the primary role.
A role in this list cannot be used when creating a Snowflake session based on the access token from the External OAuth authorization server.
EXTERNAL_OAUTH_ALLOWED_ROLES_LIST = ( 'role_name' [ , 'role_name' , ... ] )
Specifies the list of roles that the client can set as the primary role.
A role in this list can be used when creating a Snowflake session based on the access token from the External OAuth authorization server.
Caution
This parameter supports the ACCOUNTADMIN and SECURITYADMIN system roles.
Exercise caution when creating a Snowflake session with these highly privileged roles set as the primary role.
EXTERNAL_OAUTH_AUDIENCE_LIST = ('string_literal')
Specifies additional values that can be used for the access token’s audience validation on top of using the Customer’s Snowflake Account URL (i.e.
<account_identifier>.snowflakecomputing.com
). For more information, see Account Identifiers.Currently, multiple audience URLs can be specified for External OAuth Custom Clients only. Each URL must be enclosed in single quotes, with a comma separating each URL. For example:
external_oauth_audience_list = ('https://example.com/api/v2/', 'https://example.com')
EXTERNAL_OAUTH_ANY_ROLE_MODE = DISABLE | ENABLE | ENABLE_FOR_PRIVILEGE
Specifies whether the OAuth client or user can use a role that is not defined in the OAuth access token.
DISABLE
does not allow the OAuth client or user to switch roles (i.e.use role <role>;
). Default.ENABLE
allows the OAuth client or user to switch roles.ENABLE_FOR_PRIVILEGE
allows the OAuth client or user to switch roles only for a client or user with theUSE_ANY_ROLE
privilege. This privilege can be granted and revoked to one or more roles available to the user. For example:
Note that the value can be optionally enclosed in single quotes (e.g. either
DISABLE
or'DISABLE'
).grant USE_ANY_ROLE on integration external_oauth_1 to role1;
revoke USE_ANY_ROLE on integration external_oauth_1 from role1;
EXTERNAL_OAUTH_SCOPE_DELIMITER = 'string_literal'
Specifies the scope delimiter in the authorization token.
The delimiter can be any single character, such as comma (
','
) or space (' '
).This security integration property is optional and can be used to override the default comma delimiter. Note that this property is only supported for custom External OAuth integrations, where:
EXTERNAL_OAUTH_TYPE = CUSTOM
Contact Snowflake Support to enable this property in your Snowflake account.
TAG tag_name = 'tag_value' [ , tag_name = 'tag_value' , ... ]
Specifies the tag name (i.e. the key) and the tag value.
The tag value is always a string, and the maximum number of characters for the tag value is 256. The maximum number of unique tag keys that can be set on an object is 20.
UNSET ...
Specifies one or more properties/parameters to unset for the security integration, which resets them back to their defaults:
ENABLED
EXTERNAL_OAUTH_AUDIENCE_LIST
TAG tag_name [ , tag_name ... ]
SAML 2.0 Parameters¶
SET ...
Specifies one or more properties/parameters to set for the integration (separated by blank spaces, commas, or new lines):
TYPE = SAML2
Specify the type of integration:
SAML2
: Creates a security interface between Snowflake and the identity provider.
ENABLED = TRUE | FALSE
Specifies whether to initiate operation of the integration or suspend it.
TRUE
allows the integration to run based on the parameters specified in the pipe definition.FALSE
suspends the integration for maintenance. Any integration between Snowflake and a third-party service fails to work.
SAML2_ISSUER = 'string_literal'
The string containing the IdP
EntityID
/Issuer
.SAML2_SSO_URL = 'string_literal'
The string containing the IdP SSO URL, where the user should be redirected by Snowflake (the Service Provider) with a SAML
AuthnRequest
message.SAML2_PROVIDER = 'string_literal'
The string describing the IdP.
One of the following: OKTA, ADFS, Custom.
SAML2_X509_CERT = 'string_literal'
The Base64 encoded IdP signing certificate on a single line without the leading
-----BEGIN CERTIFICATE-----
and ending-----END CERTIFICATE-----
markers.SAML2_SP_INITIATED_LOGIN_PAGE_LABEL = 'string_literal'
The string containing the label to display after the Log In With button on the login page.
SAML2_ENABLE_SP_INITIATED = TRUE | FALSE
The Boolean indicating if the Log In With button will be shown on the login page.
TRUE
displays the Log in With button on the login page.FALSE
does not display the Log in With button on the login page..
SAML2_SNOWFLAKE_X509_CERT = 'string_literal'
The Base64 encoded self-signed certificate generated by Snowflake for use with Encrypting SAML Assertions and Signed SAML Requests.
You must have at least one of these features (encrypted SAML assertions or signed SAML responses) enabled in your Snowflake account to access the certificate value.
SAML2_SIGN_REQUEST = TRUE | FALSE
The Boolean indicating whether SAML requests are signed.
TRUE
allows SAML requests to be signed.FALSE
does not allow SAML requests to be signed.
SAML2_REQUESTED_NAMEID_FORMAT = 'string_literal'
The SAML NameID format allows Snowflake to set an expectation of the identifying attribute of the user (i.e. SAML Subject) in the SAML assertion from the IdP to ensure a valid authentication to Snowflake. If a value is not specified, Snowflake sends the
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
value in the authentication request to the IdP.Optional.
If you choose to specify the SAML
NameID
format, use one of the following values:urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName
urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
urn:oasis:names:tc:SAML:2.0:nameid-format:transient
SAML2_POST_LOGOUT_REDIRECT_URL = '<string_literal>'
The endpoint to which Snowflake redirects users after clicking the Log Out button in the classic web interface.
Snowflake terminates the Snowflake session upon redirecting to the specified endpoint.
SAML2_FORCE_AUTHN = TRUE | FALSE
The Boolean indicating whether users, during the initial authentication flow, are forced to authenticate again to access Snowflake. When set to
TRUE
, Snowflake sets theForceAuthn
SAML parameter toTRUE
in the outgoing request from Snowflake to the identity provider.TRUE
forces users to authenticate again to access Snowflake, even if a valid session with the identity provider exists.FALSE
does not force users to authenticate again to access Snowflake.
Default:
FALSE
.SAML2_SNOWFLAKE_ISSUER_URL = '<string_literal>'
The string containing the
EntityID
/Issuer
for the Snowflake service provider.If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
SAML2_SNOWFLAKE_ACS_URL = '<string_literal>'
The string containing the Snowflake Assertion Consumer Service URL to which the IdP will send its SAML authentication response back to Snowflake.
This property will be set in the SAML authentication request generated by Snowflake when initiating a SAML SSO operation with the IdP.
If an incorrect value is specified, Snowflake returns an error message indicating the acceptable values to use.
Default:
https://<account_locator>.<region>.snowflakecomputing.com/fed/login
For more information, see:
TAG tag_name = 'tag_value' [ , tag_name = 'tag_value' , ... ]
Specifies the tag name (i.e. the key) and the tag value.
The tag value is always a string, and the maximum number of characters for the tag value is 256. The maximum number of unique tag keys that can be set on an object is 20.
UNSET ...
Specifies one or more properties/parameters to unset for the security integration, which resets them back to their defaults:
ENABLED
TAG tag_name [ , tag_name ... ]
SCIM Parameters¶
NETWORK_POLICY = 'network_policy'
Specifies an existing network policy active for your account. The network policy restricts the list of user IP addresses when exchanging an authorization code for an access or refresh token and when using a refresh token to obtain a new access token. If this parameter is not set, the network policy for the account (if any) is used instead.
SYNC_PASSWORD = TRUE | FALSE
Specifies whether to enable or disable the synchronization of a user password from an Okta SCIM client as part of the API request to Snowflake.
TRUE
enables password synchronization.FALSE
disables password synchronization.
Default
TRUE
. If a security integration is created without setting this parameter, Snowflake sets this parameter toTRUE
.If user passwords should not be synchronized from the client to Snowflake, ensure this property value is set to
FALSE
and disable password synchronization in the Okta client.Note that this property is only supported for Okta SCIM integrations. Azure SCIM integrations are not supported because Microsoft Azure does not support password synchronization. To request support, please contact Microsoft Azure.
For details, see Managing Users & Groups with SCIM.
COMMENT
String (literal) that specifies a comment for the integration.
Default: No value
TAG tag_name = 'tag_value' [ , tag_name = 'tag_value' , ... ]
Specifies the tag name (i.e. the key) and the tag value.
The tag value is always a string, and the maximum number of characters for the tag value is 256. The maximum number of unique tag keys that can be set on an object is 20.
UNSET ...
Specifies one or more properties/parameters to unset for the security integration, which resets them back to their defaults:
NETWORK_POLICY
SYNC_PASSWORD
COMMENT
TAG tag_name [ , tag_name ... ]
Snowflake OAuth Partner Application Parameters¶
Valid when OAUTH_CLIENT = <partner_application> (i.e. when creating an integration for a partner application)
SET ...
Specifies one or more properties/parameters to set for the integration (separated by blank spaces, commas, or new lines):
ENABLED = TRUE | FALSE
Specifies whether to initiate operation of the integration or suspend it.
TRUE
allows the integration to run based on the parameters specified in the pipe definition.FALSE
suspends the integration for maintenance. Any integration between Snowflake and a third-party service fails to work.
OAUTH_ISSUE_REFRESH_TOKENS = TRUE | FALSE
Boolean that specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. If set to
FALSE
, a refresh token is not issued. User consent is revoked, and the user must confirm authorization again.Default:
TRUE
OAUTH_REFRESH_TOKEN_VALIDITY = integer
Integer that specifies how long refresh tokens should be valid (in seconds). This can be used to expire the refresh token periodically.
Note that if your organization would like the minimum or maximum values lowered or raised, respectively, ask your account administrator to send a request to Snowflake Support.
- Values
86400
(1 day) to7776000
(90 days)- Default
7776000
OAUTH_USE_SECONDARY_ROLES = IMPLICIT | NONE
IMPLICIT
Default secondary roles set in the user properties are activated by default in the session being opened.
NONE
Default secondary roles are not supported in the session being opened.
Default:
NONE
BLOCKED_ROLES_LIST = ( 'role_name' [ , 'role_name' , ... ] )
Comma-separated list of Snowflake roles that a user cannot explicitly consent to using after authenticating (e.g.
'custom_role1', 'custom_role2'
).Note that the ACCOUNTADMIN and SECURITYADMIN roles are included in this list by default; however, if these roles should be removed for your account, ask your account administrator to send a request to Snowflake Support.
TAG tag_name = 'tag_value' [ , tag_name = 'tag_value' , ... ]
Specifies the tag name (i.e. the key) and the tag value.
The tag value is always a string, and the maximum number of characters for the tag value is 256. The maximum number of unique tag keys that can be set on an object is 20.
COMMENT = 'string_literal'
String (literal) that specifies a comment for the integration.
Snowflake OAuth Custom Client Parameters¶
Valid when OAUTH_CLIENT = CUSTOM (i.e. when creating an integration for a custom client)
SET ...
Specifies one or more properties/parameters to set for the integration (separated by blank spaces, commas, or new lines):
ENABLED = TRUE | FALSE
Specifies whether to initiate operation of the integration or suspend it.TRUE
allows the integration to run based on the parameters specified in the pipe definition.FALSE
suspends the integration for maintenance. Any integration between Snowflake and a third-party service fails to work.
OAUTH_REDIRECT_URI = 'uri'
Specifies the client URI. After a user is authenticated, the web browser is redirected to this URI. The URI must be protected by TLS (Transport Layer Security) unless the optional
OAUTH_ALLOW_NON_TLS_REDIRECT_URI
parameter is set toTRUE
.OAUTH_ALLOW_NON_TLS_REDIRECT_URI = TRUE | FALSE
If
TRUE
, allows settingOAUTH_REDIRECT_URI
to a URI not protected by TLS. We highly recommend use of TLS to prevent man-in-the-middle OAuth redirects for use in phishing attacks.Default:
FALSE
OAUTH_ENFORCE_PKCE = TRUE | FALSE
Boolean that specifies whether Proof Key for Code Exchange (PKCE) should be required for the integration.
Default:
FALSE
OAUTH_USE_SECONDARY_ROLES = IMPLICIT | NONE
IMPLICIT
Default secondary roles set in the user properties are activated by default in the session being opened.
NONE
Default secondary roles are not supported in the session being opened.
Default:
NONE
PRE_AUTHORIZED_ROLES_LIST = '( role_name' [ , 'role_name , ... ] ')
Comma-separated list of Snowflake roles that a user does not need to explicitly consent to using after authenticating, e.g.
'custom_role1', 'custom_role2'
. Note that the ACCOUNTADMIN and SECURITYADMIN roles cannot be included in this list.Note
This parameter is supported for confidential clients only.
BLOCKED_ROLES_LIST = ( 'role_name' [ , 'role_name' , ... ] )
Comma-separated list of Snowflake roles that a user cannot explicitly consent to using after authenticating (e.g.
'custom_role1', 'custom_role2'
).Note that the ACCOUNTADMIN and SECURITYADMIN roles are included in this list by default; however, if these roles should be removed for your account, ask your account administrator to send a request to Snowflake Support.
OAUTH_ISSUE_REFRESH_TOKENS = TRUE | FALSE
Boolean that specifies whether to allow the client to exchange a refresh token for an access token when the current access token has expired. If set to
FALSE
, a refresh token is not issued. User consent is revoked, and the user must confirm authorization again.Default:
TRUE
OAUTH_REFRESH_TOKEN_VALIDITY = integer
Integer that specifies how long refresh tokens should be valid (in seconds). This can be used to expire the refresh token periodically.
When a refresh token expires, the application will need to direct the user through the authorization flow again to obtain a new refresh token.
The supported minimum, maximum, and default values are as follows:
Application
Minimum
Maximum
Default
Tableau Desktop
60
(1 minute)36000
(10 hours)36000
(10 hours)Tableau Server or Tableau Online
60
(1 minute)7776000
(90 days)7776000
(90 days)Custom client
86400
(1 day)7776000
(90 days)7776000
(90 days)If you have a business need to lower the minimum value or raise the maximum value, ask your account administrator to send a request to Snowflake Support.
NETWORK_POLICY = 'network_policy'
Specifies an existing network policy active for your account. The network policy restricts the list of user IP addresses when exchanging an authorization code for an access or refresh token and when using a refresh token to obtain a new access token. If this parameter is not set, the network policy for the account (if any) is used instead.
OAUTH_CLIENT_RSA_PUBLIC_KEY = public_key1
Specifies an RSA public key. For more information, see OAuth.
OAUTH_CLIENT_RSA_PUBLIC_KEY_2 = public_key2
Specifies a second RSA public key. Used for key rotation.
TAG tag_name = 'tag_value' [ , tag_name = 'tag_value' , ... ]
Specifies the tag name (i.e. the key) and the tag value.
The tag value is always a string, and the maximum number of characters for the tag value is 256. The maximum number of unique tag keys that can be set on an object is 20.
COMMENT = 'string_literal'
String (literal) that specifies a comment for the integration.
UNSET ...
Specifies one or more properties/parameters to unset for the security integration, which resets them back to their defaults:
ENABLED
NETWORK_POLICY
OAUTH_CLIENT_RSA_PUBLIC_KEY
OAUTH_CLIENT_RSA_PUBLIC_KEY_2
TAG tag_name [ , tag_name ... ]
COMMENT
Usage Notes¶
Regarding metadata:
Attention
Customers should ensure that no personal data (other than for a User object), sensitive data, export-controlled data, or other regulated data is entered as metadata when using the Snowflake service. For more information, see Metadata Fields in Snowflake.
Examples¶
The following example initiates operation of a suspended integration:
ALTER SECURITY INTEGRATION myint SET ENABLED = TRUE;