Create an organizational listing¶

Create an organizational listing to share data products securely within your organization. Before you create an organizational listing, review the prerequisites, known limitations, and considerations.

Prerequisites¶

Your organization has an ORGADMIN role. (Organization accounts are optional.)

Known limitations¶

This feature is not available in government regions.
You must use the API to target specific regions.
Data products supported: Snowflake Native App Framework and shares.
Organizational listings that contain a Snowflake Native App do not support target roles for access or discovery.
The following features are not supported when using organizational listings:
- Custom creation of profiles.
- Marketplace analytics.
- Reader accounts.

Considerations¶

Before you target an entire organization, check for external tenants. Adjust the target accounts for your data products before adding them to an organizational listing unless you intend to share them with external tenants.
Each share can be attached to one listing.
Each Native App can be attached to one or more listings.
For organization changes (such as mergers) with accounts containing organizational listings, contact Snowflake Support.

Access control requirements¶

Use the information provided here to determine the specific roles and privileges that you must have to execute organizational listing SQL commands.

Assign organizational listing privileges¶

To create an organizational listing, a role must have the necessary privileges to create a share, as shown in Table 1, as well as necessary privileges to create an organizational listing from it, as shown in Table 2.

Table 1: Share creation and management¶

To create a share and to create and manage objects inside a share, a role must have the necessary privileges on the data objects, schemas, and the CREATE SHARE command.

Privilege	Object	Notes
CREATE SHARE	ACCOUNT	To `CREATE` a share
OWNERSHIP or USAGE with grants option	DATABASE	To see and `USE` the specified database.
OWNERSHIP or USAGE with grants option	SCHEMA	To see the specified schema.
SELECT	TABLE	To query specified tables in the specified schema.
CREATE	SCHEMA	To `CREATE` tables or views in the specified schema.
MODIFY	SCHEMA	To `ALTER` tables or views in the specified schema.

The USAGE privilege on the parent database and schema is required to perform operations on any object in a schema.

Table 2: Privileges to create an organizational listing using the share¶

One of the following privileges is required to create an organizational listing, in addition to the share-related privileges listed above.

Privilege	Object	Notes
CREATE ORGANIZATION LISTING	ACCOUNT	To create and alter organizational listings.
CREATE DATA EXCHANGE LISTING	ACCOUNT	To create and alter organizational listings and private listings.

Consume or query an organizational listing¶

To directly consume an organizational listing, you can reference the Uniform Listing Locator(ULL) without any additional privileges. If you require mounting the listing, then the following privileges are required:

Privilege	Object	Notes
IMPORT ORGANIZATION LISTING	ACCOUNT	To import an organizational listing.
CREATE database	ACCOUNT	To create a database and mount the listing objects.

Manage listing auto-fulfillment settings¶

A role used to execute this operation must have the following privileges at a minimum:

Privilege	Object	Notes
MANAGE LISTING AUTO FULFILLMENT	ACCOUNT	To configure the auto-fulfillment settings.

Share creation and management¶

To create and manage objects inside a share, and to create the share itself, a role should have privileges on relevant data objects, schemas, and the CREATE SHARE command.

Privilege	Object	Notes
CREATE SHARE	ACCOUNT	To `CREATE` a share.
USAGE	DATABASE	To see and `USE` the specified database.
USAGE	SCHEMA	To see the specified schema.
SELECT	TABLE	To query specified tables in the specified schema.
CREATE	SCHEMA	To `CREATE` tables or views in the specified schema.
MODIFY	SCHEMA	To `ALTER` tables or views in the specified schema.

The USAGE privilege on the parent database and schema are required to perform operations on any object in a schema.

For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.

For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.

Create an organizational listing in Snowsight or SQL¶

Create an organizational listing.

Sign in to Snowsight.

Select Data Products » Provider Studio in the left-side navigation menu.

Click + Create Listing » Internal Marketplace.

Click + Data Product.

In the + Data Product dialog, click + Select.

Navigate to a data product such as a table, a view or other data product.

Alternatively, search for and choose a data product to share.

Select Done when complete.

Select Save.

Specify who can access the listing (the target accounts, roles, and regions).

Click + Access Control. The Access and discovery dialog displays.

In the Grant access section, enter values for the following:

Field

Description

Who can access this data product?

Select one of:

Entire organization Anyone in the organization can access the listing.

Selected accounts and roles Only selected accounts and roles can access.

No accounts or roles are pre-approved (Default) Data product will only be available by request.

Accounts

If Select accounts and roles is selected, select one or more accounts.

Click + Add another account to add second and subsequent accounts.

Selected user roles

If Selected roles is selected, enter one or more roles to grant access.

In the Allow discovery section, enter values for the following:

Preview Feature — Open

discovery is a preview feature and is available to all accounts.

Field

Description

Who else can discover the listing and request access?

Select one of:

Entire organization (Default) Anyone in the organization can discover listing and request access.

Selected accounts and roles Only selected accounts and roles can discover listing and request access.

Not discoverable by users without access Only users with access can discover this listing.

Accounts

If Select accounts and roles is selected, select one or more accounts.

Click + Add another account to add second and subsequent accounts.

Selected user roles

If Selected roles is selected, enter one or more roles to grant access.

In the Request approval section, enter the email address of the request approver or link to the internal ticketing system.

Field	Description
Who can access this data product?	Select one of: Entire organization Anyone in the organization can access the listing. Selected accounts and roles Only selected accounts and roles can access. No accounts or roles are pre-approved (Default) Data product will only be available by request.
Accounts	If Select accounts and roles is selected, select one or more accounts. Click + Add another account to add second and subsequent accounts.
Selected user roles	If Selected roles is selected, enter one or more roles to grant access.

Field	Description
Who else can discover the listing and request access?	Select one of: Entire organization (Default) Anyone in the organization can discover listing and request access. Selected accounts and roles Only selected accounts and roles can discover listing and request access. Not discoverable by users without access Only users with access can discover this listing.
Accounts	If Select accounts and roles is selected, select one or more accounts. Click + Add another account to add second and subsequent accounts.
Selected user roles	If Selected roles is selected, enter one or more roles to grant access.

Provide a title and Uniform Listing Locator (ULL).

Changing a listings title is optional but recommended. See Uniform Listing Locator for more information.
1. Select Untitled Listing.
2. For Listing title, enter a descriptive title for your data product.
3. Select Save or Cancel.
Complete the listing.

Enter addition information about listing page to guide consumers, such as description, data dictionary, usage examples and more.

Note that Support Contact is required
1. Click Publish to make the listing available in the Internal Marketplace. If you exit without publishing, the listing is saved as a draft, ready for review or the addition of descriptive metadata.

Create an organizational listing from the share with the required attributes included in YAML (entered in $$ delimiters).

This part of the manifest yaml specifies the accounts that will be able to use the organizational listing:

organization_targets:
  access:

Copy

This example creates a listing using the required settings in the manifest YAML. It targets one role in one account in one region and includes support and approver contacts:

Note

support_contact is required. approver_contact is required if a discovery target is provided.

USE ROLE <organizational_listing_role>;

CREATE ORGANIZATION LISTING <organization_listing_name>
SHARE <share_name> AS
$$
title: "My title"
description: "One region, all accounts"
organization_profile: "INTERNAL"
organization_targets:
  discovery:
  - account: "<account_name>"
    roles:
    - "<role>"

  access:
  - account: "<account_name>"
    roles:
    - "<role>"

support_contact: "support@somedomain.com"
approver_contact: "approver@somedomain.com"
locations:
  access_regions:
  - name: "PUBLIC.<snowflake_region>"
$$;

Copy

For a complete list of all fields and values for an organizational listing see Organization listing manifest reference. For additional examples, see Set who can discover and access an organizational listing.