ALTER USER … REMOVE PROGRAMMATIC ACCESS TOKEN (PAT)¶
Revokes a programmatic access token for a user.
- See also:
ALTER USER … ADD PROGRAMMATIC ACCESS TOKEN (PAT) , ALTER USER … MODIFY PROGRAMMATIC ACCESS TOKEN (PAT) , ALTER USER … ROTATE PROGRAMMATIC ACCESS TOKEN (PAT) , SHOW USER PROGRAMMATIC ACCESS TOKENS
Syntax¶
ALTER USER [ IF EXISTS ] [ <username> ] REMOVE { PROGRAMMATIC ACCESS TOKEN | PAT } <token_name>
Parameters¶
usernameThe name of the user that the token is associated with.
If you omit this parameter, the command revokes the token for the user who is currently logged in (the active user in the current session).
REMOVE { PROGRAMMATIC ACCESS TOKEN | PAT } token_nameRevokes a programmatic access token with the specified name.
You can use the keyword PAT as a shorter way of specifying the keywords PROGRAMMATIC ACCESS TOKEN.
Access control requirements¶
A role used to execute this operation must have the following privileges at a minimum:
Privilege |
Object |
Notes |
|---|---|---|
MODIFY PROGRAMMATIC AUTHENTICATION METHODS |
User |
Required only when revoking a programmatic access token for a user other than yourself. |
For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.
For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.
Usage notes¶
You cannot use revoked programmatic access tokens for authentication.
You cannot recover programmatic access tokens. You must generate a new programmatic access token instead.
Examples¶
Revoke a programmatic access token named example_token from the user example_user:
ALTER USER IF EXISTS example_user REMOVE PROGRAMMATIC ACCESS TOKEN example_token;