Create an organizational listing

Create an organizational listing to share data products securely within your organization. Before you create an organizational listing, review the prerequisites, known limitations, and considerations.

Prerequisites

Known limitations

  • Support for organizational listings in government regions is currently in preview with the following limitations:

    • Creating custom organization profiles in government regions isn’t supported.

    • The ACCESS_HISTORY view in the organization account isn’t available.

    • Organizational listings created from commercial or Virtual Private Snowflake (VPS) accounts don’t show up when searching, filtering, or browsing listings.

  • You must use the API to target specific regions.

  • Data products supported: Snowflake Native App Framework and shares.

  • Organizational listings that contain a Snowflake Native App do not support target roles for access or discovery.

  • The following features are not supported when using organizational listings:

    • Provider studio analytics.

    • Reader accounts.

  • You cannot specify specific regions in organizational listings using Snowsight.

    Instead, you can specify the region in the manifest YAML file when creating or altering the listing programatically.

Considerations

  • Before you target an entire organization, check for external tenants. Adjust the target accounts for your data products before adding them to an organizational listing unless you intend to share them with external tenants.

  • Each share can be attached to one listing.

  • Each Native App can be attached to one or more listings.

  • For organization changes (such as mergers) with accounts containing organizational listings, contact Snowflake Support.

Access control requirements

Use the information provided here to determine the specific roles and privileges that you must have to execute organizational listing SQL commands.

For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.

For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.

Assign organizational listing privileges

To create an organizational listing, a role must have the necessary privileges to create a share, as shown in Share creation and management, as well as necessary privileges to create an organizational listing from it, as shown in Privileges to create an organizational listing using the share.

Share creation and management

To create a share and to create and manage objects inside a share, a role must have the necessary privileges on the data objects, schemas, and the CREATE SHARE command.

Privilege

Object

Notes

CREATE SHARE

ACCOUNT

To CREATE a share

OWNERSHIP or USAGE with grants option

DATABASE

To see and USE the specified database.

OWNERSHIP or USAGE with grants option

SCHEMA

To see the specified schema.

SELECT

TABLE

To query specified tables in the specified schema.

The USAGE privilege on the parent database and schema is required to perform operations on any object in a schema.

Privileges to create an organizational listing using the share

One of the following privileges is required to create an organizational listing, in addition to the share-related privileges listed above.

Privilege

Object

Notes

CREATE ORGANIZATION LISTING

ACCOUNT

To create and alter organizational listings.

CREATE LISTING

ACCOUNT

To create and alter organizational listings and private listings.

Privileges to alter an organizational listing

One of the following privileges is required to alter a listing.

Role

Notes

OWNERSHIP

Can ALTER a share without additional grant options.

MODIFY with grants option

Can ALTER a share after granting modify privileges to a role. This can be done using:

grant modify on data exchange listing <listing_name> to role <role_name>
Copy

Consume or query an organizational listing

To directly consume an organizational listing, you can reference the Uniform Listing Locator (ULL) without any additional privileges. If you require mounting the listing, then the following privileges are required:

Privilege

Object

Notes

IMPORT ORGANIZATION LISTING

ACCOUNT

To import an organizational listing.

CREATE database

ACCOUNT

To create a database and mount the listing objects.

Manage listing auto-fulfillment settings

Before managing auto-fulfillment settings for your organization listing, ensure that you have the necessary roles to manage auto-fulfilling the listing. See the auto-fulfillment required privileges for more information.

A role used to execute this operation must have the following privileges at a minimum:

Privilege

Object

Notes

MANAGE LISTING AUTO FULFILLMENT

ACCOUNT

To configure the auto-fulfillment settings.

Create an organizational listing in Snowsight or SQL

  1. Create an organizational listing.

    1. Sign in to Snowsight.

    2. Select Data Products » Provider Studio in the left-side navigation menu.

    3. Select + Create Listing » Internal Marketplace.

    4. Select + Data Product.

    5. In the + Data Product dialog, click + Select.

    6. Navigate to a data product such as a table, view or other data product.

      Alternatively, search for and choose a data product to share.

    7. Select Done when complete.

    8. Select Save.

  2. Specify who can access the listing (the target accounts, roles, and regions).

    1. Select + Access Control. The Access and discovery dialog displays.

    2. Complete the Grant access section:

      Field

      Description

      Who can access this data product?

      Select one of the following:

      • Entire organization: Anyone in the organization can access the listing.

        If Entire organization is selected and cross-cloud auto-fulfillment is enabled on your account, then you’ll be prompted to review the auto-fulfillment refresh settings for the listing.

      • Selected accounts and roles: Only selected accounts and roles can access.

      • No accounts or roles are pre-approved: (Default) Data product will only be available by request.

      Accounts

      If Selected accounts and roles is selected, select one or more accounts.

      Optional. Select + Add another account to add second and subsequent accounts.

      By default, all roles in the selected accounts can access the listing. Select Selected roles to grant access only to specific roles each selected account.

    3. Complete the Allow discovery section:

      Field

      Description

      Who else can discover the listing and request access?

      Select one of:

      • Entire organization: (Default) Anyone in the organization can discover listing and request access. This field is selected and disabled if Entire organization is specified for in the Grant access section.

      • Selected accounts and roles: Only selected accounts and roles can discover listing and request access.

      • Not discoverable by users without access: Only users with access can discover this listing.

      Accounts

      If Select accounts and roles is selected, select one or more accounts.

      Optional. Select + Add another account to add second and subsequent accounts and grant access to specific roles.

      Selected user roles

      If Selected roles is selected, enter one or more roles to grant access.

    4. If Allow discovery is Selected accounts and roles, then select Set up request approval flow.

      • In the Set up request approval flow dialog, select one of the following options in the How should the request approval happen? list:

        • Manage requests in Snowflake: Enter the email address of the request approver and optionally specify additional roles that can approve requests.

        • Manage requests outside of Snowflake: Enter an email address for the request approver or enter a URL that points to an internal ticketing system.

        Note

        The Set up request approval flow button isn’t available if the data product is accessible by the entire organization or if the data product is not discoverable by users without access.

  1. Provide a title, and review the generated Uniform Listing Locator (ULL).

    Changing a listings title is optional but recommended. For more information, see Uniform Listing Locator.

    1. Select Untitled Listing.

    2. For Listing title, enter a descriptive title for your data product.

    3. Select Save or Cancel.

  2. Complete the listing.

    Enter addition information about listing page to guide consumers, such as description, data dictionary, usage examples, attributes and more.

    Note that Support Contact is required.

  3. Select Publish to make the listing available in the Internal Marketplace.

    If you exit without publishing, the listing is saved as a draft that’s ready for review or for the addition of descriptive metadata.