April 30-May 07, 2024 — 8.17 Release Notes (with behavior changes)¶
Attention
The release has completed.
For differences between the in-advance and final versions of these release notes, see Release notes change log.
Behavior change bundles¶
This release contains the following behavior change bundles:
Bundle Name |
Status in this Release |
Previous Status |
---|---|---|
Disabled by default; admins can enable for testing |
N/A (introduced in this release) |
|
Enabled by default; admins can disable for opt-out |
Disabled by default |
|
Generally enabled; admins can no longer enable/disable |
Enabled by default |
The status for each bundle will change in the next behavior change release, planned for June 2024; however, this schedule is subject to change.
For more information about bundle statuses and how they may impact your accounts, see About Behavior Changes.
Security updates¶
Authentication enhancements — General Availability¶
With this release, we are pleased to announce the general availability of several authentication enhancements:
Authentication policies¶
Authentication policies provide you with control over how users authenticate by allowing you to specify which clients can authenticate and which authentication methods can be used with SAML2 and External OAuth security integrations.
For more information, see Authentication policies and Limitations.
Identifier-first login flow¶
Identifier-first login allows Snowflake to identify a user before presenting authentication options. In this flow, Snowflake prompts the user for their email address or username only, then displays authentication options based on the identity of the user.
For more information about this feature and how to enable it, see Identifier-first login.
New properties for SAML2 security integrations¶
A SAML2 security integration for a federated authentication configuration contains two new properties: ALLOWED_USER_DOMAINS and ALLOWED_EMAIL_PATTERNS. When the user logs in, the user’s email address must match the values specified in these properties in order to authenticate with the identifier provider associated with the security integration. This feature requires the Identifier-first login to be enabled.
For more information, see CREATE SECURITY INTEGRATION (SAML2).
Multiple identity providers support¶
Snowflake now supports using multiple identity providers for federated authentication using SAML2 security integrations, which allows different users to authenticate with different identity providers. This feature requires the identity-first login flow to be enabled.
For more information, see Using multiple identity providers for federated authentication.
SQL updates¶
READ ONLY property available for tables¶
With this release, you can create tables with a new READ ONLY property. The READ ONLY property is valid only for a temporary table that is being created with the CREATE TABLE … CLONE variant of the CREATE TABLE command. A read-only table does not allow DML operations and only allows a subset of DDL operations.
When the 2024_04 behavior change bundle is enabled, information about the READ ONLY property is included in the output when you execute the SHOW TABLES command, query the TABLES view, and call the GET_DDL function.
ST_INTERSECTION_AGG and ST_UNION_AGG functions — General Availability¶
The following functions are now generally available with this release:
Function Category |
New Function |
Description |
---|---|---|
Geospatial |
Given a GEOGRAPHY column, returns a GEOGRAPHY object that represents the shape containing the combined set of points that are common to the shapes represented by the objects in the column (i.e. the intersection of the shapes). |
|
Geospatial |
Given a GEOGRAPHY column, returns a GEOGRAPHY object that represents the combined set of points that are in at least one of the shapes represented by the objects in the column (i.e. the union of the shapes). |
Data loading /unloading updates¶
New copy option: INCLUDE_METADATA¶
With this release, we are pleased to announce a new copy option INCLUDE_METADATA
for COPY INTO <table>. This copy option provides a
user-defined mapping between target table columns to METADATA columns and can only be used with the
MATCH_BY_COLUMN_NAME
copy option.
By using these two copy options, INCLUDE_METADATA
with MATCH_BY_COLUMN_NAME
, data ingestion is simplified allowing for the
inclusion of file metadata into target tables columns while also loading file data columns.
In the following example, a mapping is defined with INCLUDE_METADATA. The existing columns, ingestdate
and filename
, are
populated with corresponding metadata columns alongside the file data columns.
COPY INTO table1 FROM @stage1
MATCH_BY_COLUMN_NAME = CASE_INSENSITIVE
INCLUDE_METADATA = (
ingestdate = METADATA$START_SCAN_TIME, filename = METADATA$FILENAME);
+-----+-----------------------+---------------------------------+-----+
| ... | FILENAME | INGESTDATE | ... |
|---------------------------------------------------------------+-----|
| ... | example_file.json.gz | Thu, 22 Feb 2024 19:14:55 +0000 | ... |
+-----+-----------------------+---------------------------------+-----+
Note
For CSV only, there is a known issue when the INCLUDE_METADATA
copy option is used with MATCH_BY_COLUMN_NAME
. Do not use
this copy option when loading CSV files until the known issue is resolved.
Update: This issue is resolved with the 8.19 release.
For more information, see Copy options (copyOptions).
Release notes change log¶
Announcement |
Update |
Date |
---|---|---|
Release notes |
Initial publication (preview) |
29-Apr-24 |
New copy option: INCLUDE_METADATA stated a known issue with CSV |
Changed to the known issue is resolved |
15-May-24 |