April 30-May 07, 2024 — 8.17 Release Notes (with behavior changes)


The release has completed.

For differences between the in-advance and final versions of these release notes, see Release notes change log.

Behavior change bundles

This release contains the following behavior change bundles:

Bundle Name

Status in this Release

Previous Status


Disabled by default; admins can enable for testing

N/A (introduced in this release)


Enabled by default; admins can disable for opt-out

Disabled by default


Generally enabled; admins can no longer enable/disable

Enabled by default

The status for each bundle will change in the next behavior change release, planned for June 2024; however, this schedule is subject to change.

For more information about bundle statuses and how they may impact your accounts, see About Behavior Changes.

Security updates

Authentication enhancements — General Availability

With this release, we are pleased to announce the general availability of several authentication enhancements:

Authentication policies

Authentication policies provide you with control over how users authenticate by allowing you to specify which clients can authenticate and which authentication methods can be used with SAML2 and External OAuth security integrations.

For more information, see Authentication policies and Limitations.

Identifier-first login flow

Identifier-first login allows Snowflake to identify a user before presenting authentication options. In this flow, Snowflake prompts the user for their email address or username only, then displays authentication options based on the identity of the user.

For more information about this feature and how to enable it, see Identifier-first login.

New properties for SAML2 security integrations

A SAML2 security integration for a federated authentication configuration contains two new properties: ALLOWED_USER_DOMAINS and ALLOWED_EMAIL_PATTERNS. When the user logs in, the user’s email address must match the values specified in these properties in order to authenticate with the identifier provider associated with the security integration. This feature requires the Identifier-first login to be enabled.

For more information, see CREATE SECURITY INTEGRATION (SAML2).

Multiple identity providers support

Snowflake now supports using multiple identity providers for federated authentication using SAML2 security integrations, which allows different users to authenticate with different identity providers. This feature requires the identity-first login flow to be enabled.

For more information, see Using multiple identity providers for federated authentication.

SQL updates

READ ONLY property available for tables

With this release, you can create tables with a new READ ONLY property. The READ ONLY property is valid only for a temporary table that is being created with the CREATE TABLE … CLONE variant of the CREATE TABLE command. A read-only table does not allow DML operations and only allows a subset of DDL operations.

When the 2024_04 behavior change bundle is enabled, information about the READ ONLY property is included in the output when you execute the SHOW TABLES command, query the TABLES view, and call the GET_DDL function.

ST_INTERSECTION_AGG and ST_UNION_AGG functions — General Availability

The following functions are now generally available with this release:

Function Category

New Function




Given a GEOGRAPHY column, returns a GEOGRAPHY object that represents the shape containing the combined set of points that are common to the shapes represented by the objects in the column (i.e. the intersection of the shapes).



Given a GEOGRAPHY column, returns a GEOGRAPHY object that represents the combined set of points that are in at least one of the shapes represented by the objects in the column (i.e. the union of the shapes).

Data loading /unloading updates

New copy option: INCLUDE_METADATA

With this release, we are pleased to announce a new copy option INCLUDE_METADATA for COPY INTO <table>. This copy option provides a user-defined mapping between target table columns to METADATA columns and can only be used with the MATCH_BY_COLUMN_NAME copy option.

By using these two copy options, INCLUDE_METADATA with MATCH_BY_COLUMN_NAME, data ingestion is simplified allowing for the inclusion of file metadata into target tables columns while also loading file data columns.

In the following example, a mapping is defined with INCLUDE_METADATA. The existing columns, ingestdate and filename, are populated with corresponding metadata columns alongside the file data columns.

COPY INTO table1 FROM @stage1
| ... | FILENAME              | INGESTDATE                      | ... |
| ... | example_file.json.gz  | Thu, 22 Feb 2024 19:14:55 +0000 | ... |


For CSV only, there is a known issue when the INCLUDE_METADATA copy option is used with MATCH_BY_COLUMN_NAME. Do not use this copy option when loading CSV files until the known issue is resolved.

Update: This issue is resolved with the 8.19 release.

For more information, see Copy options (copyOptions).

Release notes change log




Release notes

Initial publication (preview)


New copy option: INCLUDE_METADATA stated a known issue with CSV

Changed to the known issue is resolved