ALTER USER … MODIFY PROGRAMMATIC ACCESS TOKEN (PAT)¶
Changes the name of a programmatic access token or a property of the token.
- See also:
ALTER USER … ADD PROGRAMMATIC ACCESS TOKEN (PAT) , ALTER USER … ROTATE PROGRAMMATIC ACCESS TOKEN (PAT) , ALTER USER … REMOVE PROGRAMMATIC ACCESS TOKEN (PAT) , SHOW USER PROGRAMMATIC ACCESS TOKENS
Syntax¶
ALTER USER [ IF EXISTS ] [ <username> ] MODIFY { PROGRAMMATIC ACCESS TOKEN | PAT } <token_name>
RENAME TO <new_token_name>
ALTER USER [ IF EXISTS ] [ <username> ] MODIFY { PROGRAMMATIC ACCESS TOKEN | PAT } <token_name> SET
[ DISABLED = { TRUE | FALSE } ]
[ MINS_TO_BYPASS_NETWORK_POLICY_REQUIREMENT = <integer> ]
[ COMMENT = '<string_literal>' ]
Parameters¶
username
The name of the user that the token is associated with.
If
username
is omitted, the command modifies the programmatic access token for the user who is currently logged in (the active user of this session).MODIFY { PROGRAMMATIC ACCESS TOKEN | PAT } token_name
Modifies a programmatic access token with the specified name.
You can use the keyword PAT as a shorter way of specifying the keywords PROGRAMMATIC ACCESS TOKEN.
RENAME TO new_token_name
Specifies a new name for a programmatic access token.
SET ...
Specifies one (or more) properties to set for the programmatic access token (separated by blank spaces, commas, or new lines).
DISABLED = { TRUE | FALSE }
Disables or enables the programmatic access token.
If a user is disabled or Snowflake locks a user, the programmatic tokens associated with that user are disabled automatically. If the user is subsequently enabled or Snowflake unlocks the user, the programmatic access tokens remain disabled. To enable the tokens again, set DISABLED to FALSE.
For information, see Re-enabling a disabled programmatic access token.
MINS_TO_BYPASS_NETWORK_POLICY_REQUIREMENT = integer
The number of minutes during which a user can use this token to access Snowflake being subject to an active network policy.
You can set this for a token for a person (if the USER object has TYPE=PERSON) if you need to temporarily bypass the requirement of having a network policy.
You can set this to a value in the range of
1
to1440
(1 day).COMMENT = 'string_literal'
Descriptive comment about the programmatic access token. This comment is displayed in the list of programmatic access tokens in Snowsight.
Access control requirements¶
A role used to execute this operation must have the following privileges at a minimum:
Privilege |
Object |
Notes |
---|---|---|
MODIFY PROGRAMMATIC AUTHENTICATION METHODS |
User |
Required only when modifying a programmatic access token for a user other than yourself. |
For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.
For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.
Examples¶
Change the name of a programmatic access token associated with the user example_user
:
ALTER USER IF EXISTS example_user MODIFY PROGRAMMATIC ACCESS TOKEN old_token_name
RENAME TO new_token_name;
Change the comment associated with a programmatic access token:
ALTER USER IF EXISTS example_user MODIFY PROGRAMMATIC ACCESS TOKEN token_name
SET COMMENT = 'my new comment';