Describes the details about a password policy.

DESCRIBE can be abbreviated to DESC.

See also:

Managing Password Policies





Identifier for the password policy; must be unique for your account.

The identifier value must start with an alphabetic character and cannot contain spaces or special characters unless the entire identifier string is enclosed in double quotes (e.g. "My object"). Identifiers enclosed in double quotes are also case-sensitive.

For more details, see Identifier requirements.

Access Control Requirements

A role used to execute this SQL command must have at least one of the following privileges at a minimum:







Password policy

OWNERSHIP is a special privilege on an object that is automatically granted to the role that created the object, but can also be transferred using the GRANT OWNERSHIP command to a different role by the owning role (or any role with the MANAGE GRANTS privilege).

Note that operating on any object in a schema also requires the USAGE privilege on the parent database and schema.

For instructions on creating a custom role with a specified set of privileges, see Creating Custom Roles.

For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.

For additional details on password policy DDL and privileges, see Managing Password Policies.

Usage Notes

  • To post-process the output of this command, you can use the RESULT_SCAN function, which treats the output as a table that can be queried.


DESC PASSWORD POLICY password_policy_prod_1;
|   property                        |   value                                |   default   |   description                                                                                                                                 |
|   NAME                            |   PASSWORD_POLICY_PROD_1               |   null      |   Name of password policy.                                                                                                                    |
|   OWNER                           |   PROD_ADMIN                           |   null      |   Owner of password policy.                                                                                                                   |
|   COMMENT                         |   production account password policy   |   null      |   user comment associated to an object in the dictionary                                                                                      |
|   PASSWORD_MIN_LENGTH             |   12                                   |   8         |   Minimum length of new password.                                                                                                             |
|   PASSWORD_MAX_LENGTH             |   24                                   |   256       |   Maximum length of new password.                                                                                                             |
|   PASSWORD_MIN_UPPER_CASE_CHARS   |   2                                    |   1         |   Minimum number of uppercase characters in new password.                                                                                     |
|   PASSWORD_MIN_LOWER_CASE_CHARS   |   2                                    |   1         |   Minimum number of lowercase characters in new password.                                                                                     |
|   PASSWORD_MIN_NUMERIC_CHARS      |   2                                    |   1         |   Minimum number of numeric characters in new password.                                                                                       |
|   PASSWORD_MIN_SPECIAL_CHARS      |   2                                    |   0         |   Minimum number of special characters in new password.                                                                                       |
|   PASSWORD_MIN_AGE_DAYS           |   1                                    |   0         |   Period after a password is changed during which a password cannot be changed again, in days.                                                |
|   PASSWORD_MAX_AGE_DAYS           |   30                                   |   90        |   Period after which password must be changed, in days.                                                                                       |
|   PASSWORD_MAX_RETRIES            |   5                                    |   5         |   Number of attempts users have to enter the correct password before their account is locked.                                                 |
|   PASSWORD_LOCKOUT_TIME_MINS      |   30                                   |   15        |   Period of time for which users will be locked after entering their password incorrectly many times (specified by MAX_RETRIES), in minutes   |
|   PASSWORD_HISTORY                |   5                                    |   24        |   Number of most recent passwords that may not be repeated by the user                                                                        |