CREATE SESSION POLICY¶
Creates a new session policy or replaces an existing session policy.
A session policy defines the idle session timeout period in minutes. Administrators can optionally set different timeout values for the Snowflake web interface and other Snowflake clients.
After creating a session policy, apply the session policy to your Snowflake account using an ALTER ACCOUNT statement or a user using an ALTER USER statement.
- See also:
Syntax¶
CREATE [OR REPLACE] SESSION POLICY [IF NOT EXISTS] <name>
[ SESSION_IDLE_TIMEOUT_MINS = <integer> ]
[ SESSION_UI_IDLE_TIMEOUT_MINS = <integer> ]
[ COMMENT = '<string_literal>' ]
Required Parameters¶
name
Identifier for the session policy; must be unique for your account.
The identifier value must start with an alphabetic character and cannot contain spaces or special characters unless the entire identifier string is enclosed in double quotes (e.g.
"My object"
). Identifiers enclosed in double quotes are also case-sensitive.For more details, see Identifier Requirements.
Optional Parameters¶
SESSION_IDLE_TIMEOUT_MINS = <integer>
For Snowflake Clients and programmatic clients, the number of minutes in which a session can be idle before users must authenticate to Snowflake again. The number of minutes can be any integer between
5
and240
, inclusive. If a value is not specified, Snowflake uses the default value.Default:
240
(i.e. 4 hours).SESSION_UI_IDLE_TIMEOUT_MINS = <integer>
For the Snowflake web interface, the number of minutes in which a session can be idle before users must authenticate to Snowflake again. The number of minutes can be any integer between
5
and240
, inclusive. If a value is not specified, Snowflake uses the default value.Default:
240
(i.e. 4 hours).COMMENT = 'string_literal'
Adds a comment or overwrites an existing comment for the session policy.
Access Control Requirements¶
A role used to execute this SQL command must have the following privileges at a minimum:
Privilege |
Object |
Notes |
---|---|---|
CREATE SESSION POLICY |
Schema |
Note that operating on any object in a schema also requires the USAGE privilege on the parent database and schema.
For instructions on creating a custom role with a specified set of privileges, see Creating Custom Roles.
For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.
For additional details on session policy DDL and privileges, see Managing Session Policies.
Usage Notes¶
If you want to replace an existing session policy and need to see the current definition of the policy, call the GET_DDL function or run the DESCRIBE SESSION POLICY command.
Regarding metadata:
Attention
Customers should ensure that no personal data (other than for a User object), sensitive data, export-controlled data, or other regulated data is entered as metadata when using the Snowflake service. For more information, see Metadata Fields in Snowflake.
CREATE OR REPLACE <object> statements are atomic. That is, when the object is replaced, the old object deletion and the new object creation are processed in a single transaction.
Examples¶
Create a session policy for your current account:
CREATE SESSION POLICY session_policy_prod_1 SESSION_IDLE_TIMEOUT_MINS = 60 SESSION_UI_IDLE_TIMEOUT_MINS = 30 COMMENT = 'session policy for use in the prod_1 environment' ;