CREATE PACKAGES POLICY¶
Creates a new packages policy or replaces an existing packages policy.
After creating a packages policy, apply the packages policy to your Snowflake account using an ALTER ACCOUNT statement.
Syntax¶
CREATE [ OR REPLACE ] PACKAGES POLICY [ IF NOT EXISTS ] <name>
LANGUAGE PYTHON
[ ALLOWLIST = ( [ '<packageSpec>' ] [ , '<packageSpec>' ... ] ) ]
[ BLOCKLIST = ( [ '<packageSpec>' ] [ , '<packageSpec>' ... ] ) ]
[ ADDITIONAL_CREATION_BLOCKLIST = ( [ '<packageSpec>' ] [ , '<packageSpec>' ... ] ) ]
[ COMMENT = '<string_literal>' ]
Required parameters¶
name
Specifies the identifier (i.e. name) for the packages policy; must be unique for the schema in which the packages policy is created.
In addition, the identifier must start with an alphabetic character and cannot contain spaces or special characters unless the entire identifier string is enclosed in double quotes (for example,
"My object"
). Identifiers enclosed in double quotes are also case-sensitive.For more information, see Identifier requirements.
LANGUAGE PYTHON
Specifies the language that this packages policy will apply to.
Optional parameters¶
ALLOWLIST = ( [ 'packageSpec' ] [ , 'packageSpec' ... ] )
Specifies a list of package specs that are allowed.
Default:
('*')
(i.e. allow all packages).BLOCKLIST = ( [ 'packageSpec' ] [ , 'packageSpec' ... ] )
Specifies a list of package specs that are blocked. To unset this parameter, specify an empty list.
Default:
()
(i.e. do not block any packages).ADDITIONAL_CREATION_BLOCKLIST = ( [ 'packageSpec' ] [ , 'packageSpec' ... ] )
Specifies a list of package specs that are blocked at creation time. To unset this parameter, specify an empty list. If the
ADDITIONAL_CREATION_BLOCKLIST
is set, it is appended to the basic BLOCKLIST at the creation time. For temporary UDFs and anonymous stored procedures, theADDITIONAL_CREATION_BLOCKLIST
is appended to the basic BLOCKLIST at both creation and execution time.Default:
()
(i.e. do not block any packages).COMMENT = 'string_literal'
Adds a comment or overwrites an existing comment for the packages policy.
Access control requirements¶
A role used to execute this SQL command must have the following privileges at a minimum:
Privilege |
Object |
Notes |
---|---|---|
CREATE PACKAGES POLICY |
Schema |
The USAGE privilege on the parent database and schema are required to perform operations on any object in a schema.
For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.
For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.
Usage notes¶
Regarding metadata:
Attention
Customers should ensure that no personal data (other than for a User object), sensitive data, export-controlled data, or other regulated data is entered as metadata when using the Snowflake service. For more information, see Metadata fields in Snowflake.
Examples¶
Create a packages policy for your current account:
CREATE PACKAGES POLICY yourdb.yourschema.packages_policy_prod_1 LANGUAGE PYTHON ALLOWLIST = ('numpy', 'pandas==1.2.3', ...) BLOCKLIST = ('numpy==1.2.3', 'bad_package', ...) COMMENT = 'Packages policy for the prod_1 environment';