April 30-May 07, 2024 — 8.17 Release Notes (with behavior changes)¶

Attention

The release has completed.

For differences between the in-advance and final versions of these release notes, see Release notes change log.

Behavior change bundles¶

This release contains the following behavior change bundles:

Bundle Name	Status in this Release	Previous Status
2024_04	Disabled by default; admins can enable for testing	N/A (introduced in this release)
2024_03	Enabled by default; admins can disable for opt-out	Disabled by default
2024_02	Generally enabled; admins can no longer enable/disable	Enabled by default

The status for each bundle will change in the next behavior change release, planned for June 2024; however, this schedule is subject to change.

For more information about bundle statuses and how they may impact your accounts, see About Behavior Changes.

Security updates¶

Authentication enhancements — General Availability¶

With this release, we are pleased to announce the general availability of several authentication enhancements:

Authentication policies
Identifier-first login flow
New properties for SAML2 security integrations
Multiple identity providers support

Authentication policies¶

Authentication policies provide you with control over how users authenticate by allowing you to specify which clients can authenticate and which authentication methods can be used with SAML2 and External OAuth security integrations.

For more information, see Authentication policies and Limitations.

Identifier-first login flow¶

Identifier-first login allows Snowflake to identify a user before presenting authentication options. In this flow, Snowflake prompts the user for their email address or username only, then displays authentication options based on the identity of the user.

For more information about this feature and how to enable it, see Identifier-first login.

New properties for SAML2 security integrations¶

A SAML2 security integration for a federated authentication configuration contains two new properties: ALLOWED_USER_DOMAINS and ALLOWED_EMAIL_PATTERNS. When the user logs in, the user’s email address must match the values specified in these properties in order to authenticate with the identifier provider associated with the security integration. This feature requires the Identifier-first login to be enabled.

For more information, see CREATE SECURITY INTEGRATION (SAML2).

Multiple identity providers support¶

Snowflake now supports using multiple identity providers for federated authentication using SAML2 security integrations, which allows different users to authenticate with different identity providers. This feature requires the identity-first login flow to be enabled.

For more information, see Using multiple identity providers for federated authentication.

SQL updates¶

READ ONLY property available for tables¶

With this release, you can create tables with a new READ ONLY property. The READ ONLY property is valid only for a temporary table that is being created with the CREATE TABLE … CLONE variant of the CREATE TABLE command. A read-only table does not allow DML operations and only allows a subset of DDL operations.

When the 2024_04 behavior change bundle is enabled, information about the READ ONLY property is included in the output when you execute the SHOW TABLES command, query the TABLES view, and call the GET_DDL function.

ST_INTERSECTION_AGG and ST_UNION_AGG functions — General Availability¶

The following functions are now generally available with this release:

Function Category	New Function	Description
Geospatial	ST_INTERSECTION_AGG	Given a GEOGRAPHY column, returns a GEOGRAPHY object that represents the shape containing the combined set of points that are common to the shapes represented by the objects in the column (i.e. the intersection of the shapes).
Geospatial	ST_UNION_AGG	Given a GEOGRAPHY column, returns a GEOGRAPHY object that represents the combined set of points that are in at least one of the shapes represented by the objects in the column (i.e. the union of the shapes).

Data loading /unloading updates¶

New copy option: INCLUDE_METADATA¶

With this release, we are pleased to announce a new copy option INCLUDE_METADATA for COPY INTO <table>. This copy option provides a user-defined mapping between target table columns to METADATA columns and can only be used with the MATCH_BY_COLUMN_NAME copy option.

By using these two copy options, INCLUDE_METADATA with MATCH_BY_COLUMN_NAME, data ingestion is simplified allowing for the inclusion of file metadata into target tables columns while also loading file data columns.

In the following example, a mapping is defined with INCLUDE_METADATA. The existing columns, ingestdate and filename, are populated with corresponding metadata columns alongside the file data columns.

COPY INTO table1 FROM @stage1
MATCH_BY_COLUMN_NAME = CASE_INSENSITIVE
INCLUDE_METADATA = (
    ingestdate = METADATA$START_SCAN_TIME, filename = METADATA$FILENAME);

Copy

+-----+-----------------------+---------------------------------+-----+
| ... | FILENAME              | INGESTDATE                      | ... |
|---------------------------------------------------------------+-----|
| ... | example_file.json.gz  | Thu, 22 Feb 2024 19:14:55 +0000 | ... |
+-----+-----------------------+---------------------------------+-----+

Note

For CSV only, there is a known issue when the INCLUDE_METADATA copy option is used with MATCH_BY_COLUMN_NAME. Do not use this copy option when loading CSV files until the known issue is resolved.

Update: This issue is resolved with the 8.19 release.

For more information, see Copy options (copyOptions).

Release notes change log¶

Announcement	Update	Date
Release notes	Initial publication (preview)	29-Apr-24
New copy option: INCLUDE_METADATA stated a known issue with CSV	Changed to the known issue is resolved	15-May-24