ALTER USER … MODIFY PROGRAMMATIC ACCESS TOKEN (PAT)

Changes the name of a programmatic access token or a property of the token.

See also:

ALTER USER … ADD PROGRAMMATIC ACCESS TOKEN (PAT) , ALTER USER … ROTATE PROGRAMMATIC ACCESS TOKEN (PAT) , ALTER USER … REMOVE PROGRAMMATIC ACCESS TOKEN (PAT) , SHOW USER PROGRAMMATIC ACCESS TOKENS

Syntax

ALTER USER [ IF EXISTS ] [ <username> ] MODIFY { PROGRAMMATIC ACCESS TOKEN | PAT } <token_name>
  RENAME TO <new_token_name>

ALTER USER [ IF EXISTS ] [ <username> ] MODIFY { PROGRAMMATIC ACCESS TOKEN | PAT } <token_name> SET
  [ DISABLED = { TRUE | FALSE } ]
  [ MINS_TO_BYPASS_NETWORK_POLICY_REQUIREMENT = <integer> ]
  [ COMMENT = '<string_literal>' ]
Copy

Parameters

username

The name of the user that the token is associated with.

If username is omitted, the command modifies the programmatic access token for the user who is currently logged in (the active user of this session).

MODIFY { PROGRAMMATIC ACCESS TOKEN | PAT } token_name

Modifies a programmatic access token with the specified name.

You can use the keyword PAT as a shorter way of specifying the keywords PROGRAMMATIC ACCESS TOKEN.

RENAME TO new_token_name

Specifies a new name for a programmatic access token.

SET ...

Specifies one (or more) properties to set for the programmatic access token (separated by blank spaces, commas, or new lines).

DISABLED = { TRUE | FALSE }

Disables or enables the programmatic access token.

If a user is disabled or Snowflake locks a user, the programmatic tokens associated with that user are disabled automatically. If the user is subsequently enabled or Snowflake unlocks the user, the programmatic access tokens remain disabled. To enable the tokens again, set DISABLED to FALSE.

For information, see Re-enabling a disabled programmatic access token.

MINS_TO_BYPASS_NETWORK_POLICY_REQUIREMENT = integer

The number of minutes during which a user can use this token to access Snowflake without being subject to an active network policy.

You can set this for a token for a person (if the USER object has TYPE=PERSON) if that person is not subject to a network policy but needs to use a programmatic access token for authentication. See Network policy requirements.

Note

Setting MINS_TO_BYPASS_NETWORK_POLICY_REQUIREMENT does not allow users to bypass the network policy itself.

You can set this to a value in the range of 1 to 1440 (1 day).

Default: 0

COMMENT = 'string_literal'

Descriptive comment about the programmatic access token. This comment is displayed in the list of programmatic access tokens in Snowsight.

Access control requirements

A role used to execute this operation must have the following privileges at a minimum:

Privilege

Object

Notes

MODIFY PROGRAMMATIC AUTHENTICATION METHODS

User

Required only when modifying a programmatic access token for a user other than yourself.

For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.

For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.

Examples

Change the name of a programmatic access token associated with the user example_user:

ALTER USER IF EXISTS example_user MODIFY PROGRAMMATIC ACCESS TOKEN old_token_name
  RENAME TO new_token_name;
Copy

Change the comment associated with a programmatic access token:

ALTER USER IF EXISTS example_user MODIFY PROGRAMMATIC ACCESS TOKEN token_name
  SET COMMENT = 'my new comment';
Copy
Language: English