Categories:

Table, View, & Sequence DDL

SHOW ROW ACCESS POLICIES

Lists the row access policies for which you have access privileges. Returns information that includes the creation date, database and schema names, owner, and any available comments.

See also:

Table, View, & Sequence DDL , ALTER ROW ACCESS POLICY , CREATE ROW ACCESS POLICY , DROP ROW ACCESS POLICY , DESCRIBE ROW ACCESS POLICY

In this Topic:

Syntax

SHOW ROW ACCESS POLICIES;

Access Control Requirements

A role used to execute this SQL command must have the following privileges at a minimum:

Privilege

Object

Notes

APPLY ROW ACCESS POLICY or

OWNERSHIP or

APPLY

Account

Row access policy

Row access policy

OWNERSHIP is a special privilege on an object that is automatically granted to the role that created the object, but can also be transferred using the GRANT OWNERSHIP command to a different role by the owning role (or any role with the MANAGE GRANTS privilege).

Note that operating on any object in a schema also requires the USAGE privilege on the parent database and schema.

For instructions on creating a custom role with a specified set of privileges, see Creating Custom Roles.

For general information about roles and privilege grants for performing SQL actions on securable objects, see Access Control in Snowflake.

For additional details on row access policy DDL and privileges, see Managing Row Access Policies.

Usage Notes

  • The command does not require a running warehouse to execute.

  • The value for LIMIT rows cannot exceed 10000. If LIMIT rows is omitted, the command results in an error if the result set is larger than 10K rows.

    To view results for which more than 10K records exist, either include LIMIT rows or query the corresponding view in the Snowflake Information Schema.

  • To post-process the output of this command, you can use the RESULT_SCAN function, which treats the output as a table that can be queried.

Examples

The following example is representative of a user with the ACCOUNTADMIN role executing the query.

show row access policies;

---------------------------------+------+---------------+-------------+-------------------+--------------+---------+
          created_on             | name | database_name | schema_name |       kind        |    owner     | comment |
---------------------------------+------+---------------+-------------+-------------------+--------------+---------+
Fri, 23 Jun 1967 00:00:00 -0700  | P1   | RLS_AUTHZ_DB  | S_D_1       | ROW_ACCESS_POLICY | ACCOUNTADMIN |         |
Fri, 23 Jun 1967 00:00:00 -0700  | P2   | RLS_AUTHZ_DB  | S_D_2       | ROW_ACCESS_POLICY | ACCOUNTADMIN |         |
---------------------------------+------+---------------+-------------+-------------------+--------------+---------+

The following example is representative of a role that does not have USAGE on the parent schema in which row access policies exist and is not the ACCOUNTADMIN role.

show row access policies;

---------------------------------+------+---------------+-------------+-------------------+--------------+---------+
          created_on             | name | database_name | schema_name |       kind        |    owner     | comment |
---------------------------------+------+---------------+-------------+-------------------+--------------+---------+
Back to top