Snowflake Data Clean Rooms: External and Iceberg tables¶
When external tables and Iceberg tables are linked in a clean room, there are external calls that might allow a collaborator to extract sensitive information from the clean room. Due to this, both the provider and consumer need to consent before the other party can use these objects in the clean room.
For limitations when including external tables and Iceberg tables in a clean room, see Limitations.
Web app clean rooms¶
To control the inclusion of external tables and Iceberg tables in clean rooms created and installed in the web app, provider and consumer administrators configure their clean room environment to explicitly allow these objects.
For clean rooms shared with a consumer by a provider, the consumer cannot include external tables and Iceberg tables unless the provider explicitly allows them for the provider’s clean room environment.
For consumers, clean room users cannot install a clean room that has external tables or Iceberg tables unless the clean room environment allows it. Even if the consumer’s clean room environment allows these objects, clean room users are warned when these types of tables have been linked so they can decide to not install the clean room.
To configure a clean room environment to allow external tables and Iceberg tables:
Do one of the following:
If you are using a managed account, select Admin » My Account.
If you are using a Snowflake account, select Admin » Snowflake Admin and login into Snowflake as a user with the ACCOUNTADMIN role.
Toggle on External & Iceberg Tables.
Developer API clean rooms¶
Allowing external tables and Iceberg tables in a clean room created and installed using the developer APIs is a two-step process:
First, a user with the ACCOUNTADMIN role allows these types of tables for the entire clean room environment.
Then, clean room users allow these objects for specific clean rooms as they are created or installed.
Allow external tables and Iceberg tables in clean room environment¶
The account administrator for both the provider and the consumer must explicitly allow external tables and Iceberg tables in the clean room environment before individual users can allow them in a clean room.
To allow external tables and Iceberg tables in a clean room environment, the account administrator executes:
USE ROLE ACCOUNTADMIN;
CALL samooha_by_snowflake_local_db.library.enable_external_tables_on_account();
Allow external tables and Iceberg tables in a specific clean room¶
The provider who is creating a clean room and the consumer who is installing it must allow external tables and Iceberg tables in the clean room.
- Provider:
Before they can link an external table or Iceberg table in a clean room, the provider must call the
providers.enable_external_tables_for_cleanroom
command. For example, if the provider wants to add an Iceberg table to theinsights_cleanroom
clean room, they must execute:CALL samooha_by_snowflake_local_db.provider.enable_external_tables_for_cleanroom( 'insights_cleanroom');
- Consumer:
After a consumer installs a clean room, they can approve the provider’s inclusion of external tables or Iceberg tables by executing the
consumers.enable_external_tables_for_cleanroom
command. For example, if the consumer installed a clean roomoverlap_cleanroom
that includes an Iceberg table, they must execute:CALL samooha_by_snowflake_local_db.consumer.enable_external_tables_for_cleanroom( 'overlap_cleanroom');
Register an external table or Iceberg table¶
As with other objects, external tables and Iceberg tables must be registered before they can be linked. Use the appropriate parameter of
the library.register_table_or_view
command to indicate the table type.
- External table
The fourth parameter of the
library.register_table_or_view
command specifies whether an object is an external table. For example, to register an external tablemy_ext_table
in thesamooha_sample_database.demo
schema, execute:CALL samooha_by_snowflake_local_db.library.register_table_or_view( ['SAMOOHA_SAMPLE_DATABASE.DEMO.MY_EXT_TABLE'], false, false, true, false);
- Iceberg table
The third parameter of the
library.register_table_or_view
command specifies whether an object is an Iceberg table. For example, to register the Iceberg tablecustomers
in thesamooha_sample_database.demo
schema, execute:CALL samooha_by_snowflake_local_db.library.register_table_or_view( ['SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS'], false, true, false, false);
Limitations¶
Because managed accounts always use external tables, providers must enable external tables and Iceberg tables when sharing a clean room with a managed account.
Collaborators in different regions cannot link external tables and Iceberg tables in clean rooms.
You cannot run an analysis with the SQL Query template if its configuration applies an aggregation policy or projection policy to the external table or Iceberg table.