New privilege MANAGE SHARE TARGET replaces CREATE SHARE to add accounts to shares (Pending)¶

Attention

This behavior change is in the 2024_07 bundle.

For the current status of the bundle, refer to Bundle History.

When this behavior change bundle is enabled, a new privilege - MANAGE SHARE TARGET - replaces the existing CREATE SHARE privilege. You will be impacted by this change if you previously granted CREATE SHARE to a non-ACCOUNTADMIN role to manage share targets.

With this separation of privileges for creating a share and managing a share target, users gain more granular control over shares.

Before the change:

The existing CREATE SHARE privilege is used to both create shares and manage share targets (add accounts to a share).
If a role is granted CREATE SHARE privilege, the role can both create shares and manage share targets.

After the change:

The MANAGE SHARE TARGET privilege is used to manage share targets (add accounts to a share).
The existing CREATE SHARE privilege is used only to create shares, not manage share targets.
For existing roles with CREATE SHARE privilege, the MANAGE SHARE TARGET privilege is backfilled for those roles.

Prepare for the change

Customers should check if they have any automation that grants CREATE SHARE to any non-ACCOUNTADMIN role and uses them to manage share targets (add accounts to a share). If so, they should update the automation to grant MANAGE SHARE TARGET privilege for that purpose.

Ref: 1734

Was this page helpful?

Visit Snowflake

Join the conversation

Develop with Snowflake

Share your feedback

Read the latest on our blog

Get your own certification