ALTER FEATURE POLICY¶
Alters or renames a feature policy.
- See also:
CREATE FEATURE POLICY , DESCRIBE FEATURE POLICY, DROP FEATURE POLICY, SHOW FEATURE POLICIES
Syntax¶
ALTER FEATURE POLICY [ IF EXISTS ] <name> SET
[ BLOCKED_OBJECT_TYPES_FOR_CREATION = ( [ <type> [ , <type> ... ] ] ) ]
[ COMMENT = '<string_literal>' ]
ALTER FEATURE POLICY [ IF EXISTS ] <name> UNSET
[ BLOCKED_OBJECT_TYPES_FOR_CREATION ]
[ COMMENT ]
ALTER FEATURE POLICY [ IF EXISTS ] <name> RENAME TO <new_name>
ALTER FEATURE POLICY [ IF EXISTS ] <name> SET TAG <tag_name> = '<tag_value>' [ , <tag_name> = '<tag_value>' ... ]
ALTER FEATURE POLICY [ IF EXISTS ] <name> UNSET TAG <tag_name> [ , ... ]
Parameters¶
nameSpecifies the identifier for the feature policy to alter.
If the identifier contains spaces or special characters, the entire string must be enclosed in double quotes. Identifiers enclosed in double quotes are also case-sensitive.
For more information, see Identifier requirements.
SETSpecifies one (or more) properties to set for the feature policy.
BLOCKED_OBJECT_TYPES_FOR_CREATION = ( type [ , type ... ] )Specifies the objects that an app is prohibit from creating.
Possible values are:
COMPUTE_POOLS
DATABASES
TASKS
WAREHOUSES
COMMENT = 'string_literal'String (literal) that specifies a comment for the feature policy.
TAG tag_name = 'tag_value' [ , tag_name = 'tag_value' , ... ]Specifies the tag name and the tag string value.
The tag value is always a string, and the maximum number of characters for the tag value is 256.
For information about specifying tags in a statement, see Tag quota for objects.
Access control requirements¶
A role used to execute this operation must have the following privileges at a minimum:
Privilege |
Object |
Notes |
|---|---|---|
APPLY FEATURE POLICY |
Account |
This privilege is required to set a feature policy for the current account. |
APPLY or OWNERSHIP |
Feature policy |
One of these privileges is required to modify a feature policy. |
The USAGE privilege on the parent database and schema are required to perform operations on any object in a schema.
For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.
For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.
Usage notes¶
If a previous policy had been applied to the account or an app an error is return, unless the you specify the FORCE option to force the replacement of the existing policy.
When a feature policy is unbound from an app, the account level policy takes effect, if it exists.
Examples¶
The following example sets the BLOCKED_OBJECT_TYPES_FOR_CREATION property on the feature policy to prohibit an app from creating databases or tasks:
ALTER FEATURE POLICY block_create_db_policy SET
BLOCKED_OBJECT_TYPES_FOR_CREATION = (DATABASES, TASKS);
The following example changes the name of a feature policy from block_create_db_policy to
block_create_db_task_policy:
ALTER FEATURE POLICY block_create_db_policy RENAME TO block_create_db_task_policy;