Snowflake Native App Framework: Roles with the ATTACH LISTING privilege can run the DESCRIBE APPLICATION PACKAGE command

Attention

This behavior change is in the 2024_04 bundle.

For the current status of the bundle, refer to Bundle History.

This behavior change alters the privileges required to run the DESCRIBE APPLICATION PACKAGE command. The ATTACH LISTING privilege is a database-level privilege that can be granted on an application package. This privilege allows a provider to add an application package as the data product of a listing.

Before the change:

Having only the ATTACH LISTING privilege granted on an application package did not allow a user to run the DESCRIBE APPLICATION PACKAGE command. Only users with roles granted the OWNERSHIP privilege on the application package could run this command.

After the change:

Users with a role that has been granted only the ATTACH LISTING privilege can run the DESCRIBE APPLICATION PACKAGE command.

Ref: 1603