Categories:

User & Security DDL

CREATE SESSION POLICY

Creates a new session policy or replaces an existing session policy.

A session policy defines the idle session timeout period in minutes. Administrators can optionally set different timeout values for the Snowflake web interface and other Snowflake clients.

After creating a session policy, apply the session policy to your Snowflake account using an ALTER ACCOUNT statement or a user using an ALTER USER statement.

See also:

Session Policy DDL Reference

Syntax

CREATE [OR REPLACE] SESSION POLICY [IF NOT EXISTS] <name>
  [ SESSION_IDLE_TIMEOUT_MINS = <integer> ]
  [ SESSION_UI_IDLE_TIMEOUT_MINS = <integer> ]
  [ COMMENT = '<string_literal>' ];

Required Parameters

name

Identifier for the session policy; must be unique for your account.

The identifier value must start with an alphabetic character and cannot contain spaces or special characters unless the entire identifier string is enclosed in double quotes (e.g. "My object"). Identifiers enclosed in double quotes are also case-sensitive.

For more details, see Identifier Requirements.

Optional Parameters

SESSION_IDLE_TIMEOUT_MINS = <integer>

For Snowflake Clients and programmatic clients, the number of minutes in which a session can be idle before users must authenticate to Snowflake again. The number of minutes can be any integer between 5 and 240, inclusive. If a value is not specified, Snowflake uses the default value.

Default: 240 (i.e. 4 hours).

SESSION_UI_IDLE_TIMEOUT_MINS = <integer>

For the Snowflake web interface, the number of minutes in which a session can be idle before users must authenticate to Snowflake again. The number of minutes can be any integer between 5 and 240, inclusive. If a value is not specified, Snowflake uses the default value.

Default: 240 (i.e. 4 hours).

COMMENT = 'string_literal'

Adds a comment or overwrites an existing comment for the session policy.

Access Control Requirements

A role used to execute this SQL command must have the following privileges at a minimum:

Privilege

Object

Notes

CREATE SESSION POLICY

Schema

Note that operating on any object in a schema also requires the USAGE privilege on the parent database and schema.

For instructions on creating a custom role with a specified set of privileges, see Creating Custom Roles.

For general information about roles and privilege grants for performing SQL actions on securable objects, see Access Control in Snowflake.

For additional details on session policy DDL and privileges, see Managing Session Policies.

Usage Notes

  • If you want to replace an existing session policy and need to see the current definition of the policy, call the GET_DDL function or run the DESCRIBE SESSION POLICY command.

  • CREATE OR REPLACE <object> statements are atomic. That is, when the object is replaced, the old object deletion and the new object creation are processed in a single transaction.

Examples

Create a session policy for your current account:

CREATE SESSION POLICY session_policy_prod_1
  SESSION_IDLE_TIMEOUT_MINS = 60
  SESSION_UI_IDLE_TIMEOUT_MINS = 30
  COMMENT = 'session policy for use in the prod_1 environment'
;
Back to top