Access control: Privileges can be granted to users (Preview)
Attention
This behavior change is in the 2025_02 bundle.
For the current status of the bundle, refer to Bundle History.
The ability to grant privileges is changing as follows:
- Before the change:
  You can grant privileges only to roles (RBAC).
- After the change:
  You can also grant privileges directly to users (UBAC). Privileges granted to a user allow that user access only when ALL secondary roles are activated in the current session.
This change extends the Snowflake access control framework to include user-based access control (UBAC).
Note
To use UBAC, you must enable the 2025_02 behavior change bundle in your account.
To enable this bundle in your account, execute the following statement:
SELECT SYSTEM$ENABLE_BEHAVIOR_CHANGE_BUNDLE('2025_02');
For example, when bundle 2025_02 is enabled, the following command syntax will be supported:
GRANT <privileges> ... TO USER <user_name>;
To grant the USAGE privilege on a Streamlit application to a specific user, joe:
GRANT USAGE ON STREAMLIT streamlit_db.streamlit_schema.streamlit_app TO USER joe;
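The following added example (not part of the original Snowflake page) shows how the secondary-role condition described above affects the grant to joe, and how the grant can be reviewed and removed. It reuses the user and object names from the statement above, and assumes that bundle 2025_02 is enabled and that SHOW GRANTS TO USER reports privileges granted directly to the user.

```sql
-- Added example; names are taken from the GRANT statement on this page.

-- As an administrator: list what has been granted to joe.
-- Direct grants do not depend on role membership, so include them in
-- access reviews alongside role grants (assumption: they are listed here).
SHOW GRANTS TO USER joe;

-- As joe: check which secondary roles are active in the current session.
SELECT CURRENT_SECONDARY_ROLES();

-- With no secondary roles active, the privilege granted directly to joe
-- does not allow access, per the condition stated on this page.
USE SECONDARY ROLES NONE;

-- With ALL secondary roles active, the direct grant takes effect.
USE SECONDARY ROLES ALL;

-- As an administrator: make new sessions for joe start with ALL secondary roles.
ALTER USER joe SET DEFAULT_SECONDARY_ROLES = ('ALL');

-- Remove the direct grant when joe no longer needs the application.
REVOKE USAGE ON STREAMLIT streamlit_db.streamlit_schema.streamlit_app FROM USER joe;
```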
Ref: 1924