Understanding owner’s rights and Streamlit in Snowflake apps¶
The model for Streamlit in Snowflake closely maps to owner’s rights model in stored procedures. This eliminates the need for service account tokens and integrates with the authentication, access control, and network policy features that Snowflake provides.
About owner’s rights in Streamlit in Snowflake¶
Streamlit apps adhere to the following rules within a session:
Run with the privileges of the owner, not the privileges of the caller.
Run with the warehouse provisioned by the app owner.
Use the database and schema that the Streamlit in Snowflake app was created in, not the database and schema that the caller is currently using.
About app creation¶
The privilege to create a Streamlit app is granted at the schema level. Only users with the OWNER privilege on the schema can create a Streamlit app in that schema. When a Streamlit app is created, it runs with the role of the user who originally created the app.
Viewing an app¶
The app owner can choose which roles have permission to use the app.
Viewers can interact with the app and see anything displayed on the screen.
All of the app owner role’s privileges can be used by the app when shared with other roles, regardless of whether the privilege has WITH GRANT enabled.
Restrictions on owner’s rights¶
Because apps run with owner’s rights, they have several additional restrictions. These restrictions affect the following:
The built-in functions that can be called from inside a stored procedure are not available when a stored procedure is called in a Streamlit app.
The ability to execute ALTER USER statements.
The types of SQL statements that can be called from inside a stored procedure.
Some DESCRIBE commands.
Owner’s rights and app security¶
Although Snowflake provides security features like authentication, role-based access control, and admin controls, responsibility for the security of apps is shared with app authors. Therefore, you should follow appropriate security practices while developing Streamlit apps inside Snowflake.
Incorrect application logic can allow an attacker to gain full access to all privileges granted to the owner’s role. For example, an app that allows viewers to write SQL commands directly would also allow viewers to act as the app owner: they could reconfigure the app and target other viewers of the app.
As a sound security practice, Snowflake recommends that you use role-based access control and dedicated roles for creating and viewing Streamlit apps.