About sharing data in non-secured views in Snowflake¶
If you need to take full advantage of the performance gains of query optimizations on the views that you share, you can create a share that lets you share non-secure views with other accounts.
Note
When possible, use secure views to enforce the security of your data. See Using secure objects to control data access.
You can only add non-secure views to shares that have been explicitly configured to allow non-secure objects. You cannot share other non-secure objects, such as non-secure functions. See Limitations of sharing non-secure views.
Limitations of sharing non-secure views¶
If you plan to share views, consider the following:
After you create a share with the SECURE_OBJECTS_ONLY property set to FALSE, you cannot unset this property or set this property to TRUE.
You can only share non-secure views. Other non-secure objects, such as functions, cannot be shared.
Syntax for sharing non-secure views¶
CREATE [ OR REPLACE ] SHARE <name>
[ SECURE_OBJECTS_ONLY = <boolean> ]
[ COMMENT = '<string_literal>' ]
Required Parameters¶
name
Specifies the identifier for the share; must be unique for the account in which the share is created.
In addition, the identifier must start with an alphabetic character and cannot contain spaces or special characters unless the entire identifier string is enclosed in double quotes (e.g.
"My object"
). Identifiers enclosed in double quotes are also case-sensitive.For more details, see Identifier requirements.
Optional Parameters¶
SECURE_OBJECTS_ONLY = boolean
Specifies whether allow granting only secure objects, or also allow granting non-secure objects to the share.
Default: true
COMMENT = 'string_literal'
Specifies a comment for the share.
Default: No value
Access Control Requirements¶
A role used to execute this SQL command must have the following privileges at a minimum:
Privilege |
Object |
Notes |
---|---|---|
CREATE SHARE |
Account |
Only the ACCOUNTADMIN role has this privilege by default. The privilege can be granted to additional roles as needed. |
For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.
For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.
For more information about access control requirements for Snowflake Secure Data Sharing specifically, see Enabling non-ACCOUNTADMIN roles to perform data sharing tasks.
Usage notes¶
You cannot see the value of the SECURE_OBJECTS_ONLY property when you run SHOW SHARES or DESCRIBE SHARE. Use the COMMENT property to note the value of the SECURE_OBJECTS_ONLY property.
The existing notes for CREATE SHARE also apply.
Examples¶
For an example on how to create a share with non-secure views, see Create a share that allows non-secure objects.
For an example using ALTER SHARE, see Convert an existing share to allow sharing non-secure views.