9.39 Release Notes: Dec 08, 2025-Dec 12, 2025
Attention
This release has completed. For differences between the in-advance and final versions of these release notes, see Release notes change log.
Security updates
Trust Center: Detection findings and event-driven scanners (Preview)
You can now use Trust Center to view a new type of finding: detections that scanners find in your account. This preview also adds a new type of scanner, the event-driven scanner, which continuously monitors your account for specific events, alongside the existing schedule-based scanners.
For more information, see Detections and Event-driven scanners.
Programmatic access tokens: Removing the single-role restriction for service users
For service users (users with TYPE=SERVICE or TYPE=LEGACY_SERVICE), you can now generate a programmatic access token that is not restricted to a single role.
To bypass this restriction, create or alter an authentication policy that sets the REQUIRE_ROLE_RESTRICTION_FOR_SERVICE_USERS property to FALSE in the PAT_POLICY clause. For example:
CREATE AUTHENTICATION POLICY my_authentication_policy
  PAT_POLICY = (
    REQUIRE_ROLE_RESTRICTION_FOR_SERVICE_USERS = FALSE
  );

ALTER AUTHENTICATION POLICY my_authentication_policy
  SET PAT_POLICY = (
    REQUIRE_ROLE_RESTRICTION_FOR_SERVICE_USERS = FALSE
  );
After creating or altering the authentication policy, apply the policy to a service user.
Note
The restriction is lifted only when you use the ALTER USER … ADD PROGRAMMATIC ACCESS TOKEN (PAT) command to generate the programmatic access token.
Currently, the restriction is not lifted if you are using Snowsight to generate the programmatic access token, but support will be added in the future.
For more information, see Removing the role restriction for service users.
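The remaining steps described above (applying the policy to a service user, then generating the token with ALTER USER) are sketched below as an added example that is not part of the original release notes. The user name svc_etl_loader and the token name etl_loader_pat are assumptions chosen for illustration.

```sql
-- Added example; svc_etl_loader and etl_loader_pat are hypothetical names.

-- 1. Review which roles the service user holds. A token that is not
--    restricted to a single role is bounded only by these grants.
SHOW GRANTS TO USER svc_etl_loader;

-- 2. Attach the policy to this one service user rather than to the
--    whole account, so the relaxed PAT rule stays narrowly scoped.
ALTER USER svc_etl_loader
  SET AUTHENTICATION POLICY my_authentication_policy;

-- 3. Generate the token with ALTER USER (the Snowsight path does not
--    lift the restriction yet). ROLE_RESTRICTION is omitted on purpose;
--    a short lifetime limits exposure if the secret leaks.
ALTER USER svc_etl_loader
  ADD PROGRAMMATIC ACCESS TOKEN etl_loader_pat
  DAYS_TO_EXPIRY = 30
  COMMENT = 'No role restriction; allowed by my_authentication_policy';

-- 4. List the user's tokens to confirm what was issued and when it expires.
SHOW USER PROGRAMMATIC ACCESS TOKENS FOR USER svc_etl_loader;
```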
Release notes change log

| Announcement | Update | Date |
|---|---|---|
| Release notes | Initial publication (preview) | Dec 05, 2025 |
| Programmatic access tokens: Removing the single-role restriction for service users | Added to Security updates | Dec 10, 2025 |