CREATE PACKAGES POLICY

Creates a new packages policy or replaces an existing packages policy.

After creating a packages policy, apply the packages policy to your Snowflake account using an ALTER ACCOUNT statement.

Syntax

CREATE [ OR REPLACE ] PACKAGES POLICY [ IF NOT EXISTS ] <name>
  LANGUAGE PYTHON
  [ ALLOWLIST = ( [ '<packageSpec>' ] [ , '<packageSpec>' ... ] ) ]
  [ BLOCKLIST = ( [ '<packageSpec>' ] [ , '<packageSpec>' ... ] ) ]
  [ ADDITIONAL_CREATION_BLOCKLIST = ( [ '<packageSpec>' ] [ , '<packageSpec>' ... ] ) ]
  [ COMMENT = '<string_literal>' ]
Copy

Required parameters

name

Specifies the identifier (i.e. name) for the packages policy; must be unique for the schema in which the packages policy is created.

In addition, the identifier must start with an alphabetic character and cannot contain spaces or special characters unless the entire identifier string is enclosed in double quotes (for example, "My object"). Identifiers enclosed in double quotes are also case-sensitive.

For more information, see Identifier requirements.

LANGUAGE PYTHON

Specifies the language that this packages policy will apply to.

Optional parameters

ALLOWLIST = ( [ 'packageSpec' ] [ , 'packageSpec' ... ] )

Specifies a list of package specs that are allowed.

Default: ('*') (i.e. allow all packages).

BLOCKLIST = ( [ 'packageSpec' ] [ , 'packageSpec' ... ] )

Specifies a list of package specs that are blocked. To unset this parameter, specify an empty list.

Default: () (i.e. do not block any packages).

ADDITIONAL_CREATION_BLOCKLIST = ( [ 'packageSpec' ] [ , 'packageSpec' ... ] )

Specifies a list of package specs that are blocked at creation time. To unset this parameter, specify an empty list. If the ADDITIONAL_CREATION_BLOCKLIST is set, it is appended to the basic BLOCKLIST at the creation time. For temporary UDFs and anonymous stored procedures, the ADDITIONAL_CREATION_BLOCKLIST is appended to the basic BLOCKLIST at both creation and execution time.

Default: () (i.e. do not block any packages).

COMMENT = 'string_literal'

Adds a comment or overwrites an existing comment for the packages policy.

Access control requirements

A role used to execute this SQL command must have the following privileges at a minimum:

Privilege

Object

Notes

CREATE PACKAGES POLICY

Schema

Note that operating on any object in a schema also requires the USAGE privilege on the parent database and schema.

For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.

For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.

Usage notes

  • Regarding metadata:

    Attention

    Customers should ensure that no personal data (other than for a User object), sensitive data, export-controlled data, or other regulated data is entered as metadata when using the Snowflake service. For more information, see Metadata Fields in Snowflake.

Examples

Create a packages policy for your current account:

CREATE PACKAGES POLICY yourdb.yourschema.packages_policy_prod_1
  LANGUAGE PYTHON
  ALLOWLIST = ('numpy', 'pandas==1.2.3', ...)
  BLOCKLIST = ('numpy==1.2.3', 'bad_package', ...)
  COMMENT = 'Packages policy for the prod_1 environment';
Copy