DESCRIBE PRIVACY POLICY¶

Describes the properties of a privacy policy.

DESCRIBE can be abbreviated to DESC.

See also:: CREATE PRIVACY POLICY , ALTER PRIVACY POLICY , DROP PRIVACY POLICY , SHOW PRIVACY POLICIES

Syntax¶

{ DESC | DESCRIBE } PRIVACY POLICY <name>

Copy

Parameters¶

name

Specifies the identifier for the privacy policy to describe.

If the identifier contains spaces or special characters, the entire string must be enclosed in double quotes. Identifiers enclosed in double quotes are also case-sensitive.

For more information, see Identifier requirements.

Output¶

The command output provides privacy policy properties and metadata in the following columns:

Column

Description

name

Name of the privacy policy.

signature

Signature of the privacy policy. All privacy policies have the same signature, which does not accept any arguments.

return_type

Return type of the privacy policy. All privacy policies return PRIVACY_BUDGET, which is an internal data type.

body

SQL expression that determines whether the privacy policy returns a privacy budget, and if it does, which one.

Column	Description
`name`	Name of the privacy policy.
`signature`	Signature of the privacy policy. All privacy policies have the same signature, which does not accept any arguments.
`return_type`	Return type of the privacy policy. All privacy policies return PRIVACY_BUDGET, which is an internal data type.
`body`	SQL expression that determines whether the privacy policy returns a privacy budget, and if it does, which one.

Access control requirements¶

A role used to execute this SQL command must have at least one of the following privileges at a minimum:

Privilege	Object	Notes
APPLY PRIVACY POLICY	Account
APPLY	Privacy policy
OWNERSHIP	Privacy policy	OWNERSHIP is a special privilege on an object that is automatically granted to the role that created the object, but can also be transferred using the GRANT OWNERSHIP command to a different role by the owning role (or any role with the MANAGE GRANTS privilege).

Operating on an object in a schema requires at least one privilege on the parent database and at least one privilege on the parent schema.

For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.

For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.

Usage notes¶

To post-process the output of this command, you can use the pipe operator (->>) or the RESULT_SCAN function. Both constructs treat the output as a result set that you can query.

For example, you can use the pipe operator or RESULT_SCAN function to select specific columns from the SHOW command output or filter the rows.

When you refer to the output columns, use double-quoted identifiers for the column names. For example, to select the output column type, specify SELECT "type".

You must use double-quoted identifiers because the output column names for SHOW commands are in lowercase. The double quotes ensure that the column names in the SELECT list or WHERE clause match the column names in the SHOW command output that was scanned.

Examples¶

The following example describes the privacy policy named myprivpolicy:

DESCRIBE PRIVACY POLICY myprivpolicy;

Copy

+--------------------+---------------+--------------------+-----------------------------------------------+
|   name             |   signature   |   return_type      |   body                                        |
+--------------------+---------------+--------------------+-----------------------------------------------+
|   MYPRIVPOLICY     |   ()          |   PRIVACY_BUDGET   |   PRIVACY_BUDGET(BUDGET_NAME=>'new_budget')   |
+--------------------+---------------+--------------------+-----------------------------------------------+