September 11-12, 2023 — 7.32 Release Notes

SQL Updates

New Function: IS_DATABASE_ROLE_IN_SESSION

The following function is available with this release:

Function Category

New Function

Description

Context

IS_DATABASE_ROLE_IN_SESSION

Verifies whether the database role is in the user’s active primary or secondary role hierarchy for the current session or if the specified column contains a database role that is in the user’s active primary or secondary role hierarchy for the current session.

For more information, see Share data protected by a role-based policy — Preview.

Data Loading / Unloading Updates

Replicating streams on Snowflake tables populated by Snowpipe Streaming

With this release, we are pleased to announce that Snowflake supports replicating streams on Snowflake tables populated by Snowpipe Streaming. For more information, see Replication and Snowpipe Streaming.

Snowpipe Streaming authentication updates

With the 2.0.3 release of the Snowpipe Streaming SDK, we are pleased to announce that Snowpipe Streaming supports OAuth authentication and the role property for Snowpipe Streaming is now optional. When configuring Snowpipe Streaming, you can set the authorization_type to OAuth and create an OAuth integration with the custom client.

For more information, see Configure Snowflake OAuth for custom clients and Configuration for Snowpipe Streaming.

New options for INFER_SCHEMA

With this release, we are pleased to announce that the INFER_SCHEMA table function supports two new options, MAX_FILE_COUNT and MAX_RECORDS_PER_FILE. You can use MAX_FILE_COUNT to specify the maximum number of files scanned from stage. You can use MAX_RECORDS_PER_FILE to specify the maximum number of records scanned per file.

For more information, see INFER_SCHEMA.

Data Governance Updates

Row access policies: Reference a protected mapping table in a row access policy — Preview

With this release, Snowflake is pleased to announce that policy administrators can reference a mapping table that is protected by a row access policy in the policy conditions of a different row access policy. The result is more assurance to compliance officers when a user queries a table protected by a row access policy.

For more information, see Example: Protect the mapping table with a row access policy.

Share data protected by a role-based policy — Preview

With this release, Snowflake is pleased to announce the preview to enable a data sharing provider to use the IS_DATABASE_ROLE_IN_SESSION function in the conditions of a masking policy or a row access policy to allow a data sharing consumer to access shared data that is protected by either of these policies. The function argument takes either the name of a database role or a column that contains database roles. This provides more options to the provider to share data, allows the consumer to access sensitive data that the provider makes available, and removes restrictions on policy-protected data when the consumer queries a shared table protected by a policy.

For details, see Share data protected by a policy and IS_DATABASE_ROLE_IN_SESSION.

Replication Updates

New FAILOVER Privilege for Client Redirect

Note

This feature has been postponed and will be available in a future release.

With this release, we are pleased to announce the FAILOVER privilege for connection objects. The FAILOVER privilege enables you to grant the ability for an account role other than the account administrator (a user with the ACCOUNTADMIN role) to fail over a connection in a disaster recovery scenario.

Web Interface Updates

Managing data governance in Snowsight — Generally Available

With this release, we are pleased to announce the general availability of the Data Governance interface in Snowsight. The Governance interface includes a Dashboard tab to monitor the most frequently used masking policies, row access policies, and tags with their usage on tables and columns. The Governance interface also includes a Tagged Objects tab to report on the Dashboard data, with the option to manually report on the usage of tags and policies on tables and columns.

When you select an element in the Dashboard, Snowsight automatically updates the Tagged Objects tab filters. Additionally, when you select a row in the Tagged Objects tab, Snowsight automatically redirects you to the object or column in the Data » Databases interface. You can then manage the policy and tag assignments as needed.

For more information, see: