Snowflake Native App Framework: Enforce REFERENCE usage on databases containing tags and policies

Attention

This behavior change is in the 2023_08 bundle.

For the current status of the bundle, refer to Bundle History.

In a previous BCR, providers were required to grant reference usage on shared objects within an application package. However, there was no effect on any installed Snowflake Native App as part of the previous BCR, including shared databases referencing tags and policies.

In this BCR, an installed Snowflake Native App will fail if it is based on an application package that contains a database with dependencies on tags or policies and REFERENCE usage has not been granted on that database to the application package.

Currently:

A Snowflake Native App installed from an application package containing dependencies on tags or policies continues to work even if REFERENCE usage on the parent or reference database was not granted to the application package.

Pending:

A Snowflake Native App installed from an application package containing dependencies on tags or policies will fail if REFERENCE usage is not granted on the parent or reference database to the application package.

Providers must ensure that all apps installed in consumer accounts have the correct privileges granted to event tables and temporary stages. To grant the correct privileges, run the following command:

GRANT REFERENCE USAGE ON DATABASE <database_name> TO SHARE IN APPLICATION PACKAGE <app_package>;
Copy

Ref: 1367