Security: Update dangling network policy references¶
Attention
This behavior change is in the 2024_06 bundle.
For the current status of the bundle, refer to Bundle History.
Snowflake network policies behave as follows:
- Before the change:
You can specify a network policy in the NETWORK_POLICY parameter and drop the network policy. The result is a dangling reference of the network policy because it no longer exists. Subsequently, network traffic is allowed to access Snowflake regardless of the definition of the dropped network policy and any network rules added to the dropped network policy.
- After the change:
Snowflake sends you an automated email with information about how to fix dangling network policy references in the NETWORK_POLICY parameter. The email is sent daily until you fix the dangling network policy references.
Additionally, if you specify a network policy in this parameter, you cannot drop the network policy using a DROP NETWORK POLICY command or replace the network policy with a CREATE OR REPLACE NETWORK POLICY command. To do either of these actions, update the parameter value to remove the network policy and then execute the desired command.