Versioned schemas: Disallow policy assignments across schemas¶

The behavior of versioned schemas, masking policies, and row access policies in a Snowflake Native App is as follows:

Before the change:

A policy assignment can occur when you create a:

• Policy in the versioned schema and assign the policy to a table or view in a different schema.

• Policy in a non-versioned schema and assign the policy to a table or view in a versioned schema.

• Table or view in the versioned schema and assign a policy to the table or view when the policy exists in a non-versioned schema.

• Table or view in a non-versioned schema and assign a policy to the tables or views when the policy exists in a versioned schema.

After the change:

The policy assignment fails with the following error message:

A POLICY in a versioned schema can only be assigned to the objects in the same schema. An object in a versioned schema can only have a POLICY assigned that is defined in the same schema.

To prevent the error message, the Snowflake Native App provider should update the setup script to ensure that the policy is set on objects within the same schema as the policy when a versioned schema contains either the policy or the object on which the policy is set. If a non-versioned schema contains either the policy or the object on which the policy is set, it is not necessary to update the setup script.

If you are a consumer of the Snowflake Native App and you see this error message after installing the app, ask the provider to update their set up script.

Ref: 1453