Snowflake Native Apps: Changes to privileges commonly used by apps

Note

This behavior change is not applicable if you don’t have a Snowflake Native App running in your account, or you’re not planning to install a Snowflake Native App before this behavior change is enabled.

In a future release, privileges commonly used by apps will change from opt-in to opt-out. Privileges that currently require explicit grants during installation or upgrade will be available to a new app installation or an upgrade by default. This includes new versions and patches of a previously installed app.

This change affects the following privileges:

  • CREATE WAREHOUSE

  • CREATE TASK

  • CREATE MANAGED TASK

  • CREATE COMPUTE POOL

  • BIND SERVICE ENDPOINT

  • CREATE DATABASE

Before the change:

If an app requires one of the privileges listed above, the consumer must explicitly grant these privileges to the app during installation or upgrade.

After the change:

If an app requires these privileges, they will be granted to the app automatically during installation or upgrade. Consumers must explicitly deny access to these privileges.

Ref: 1952

Language: English