CREATE FEATURE POLICY¶

Syntax¶

CREATE [ OR REPLACE ] FEATURE POLICY [ IF NOT EXISTS ] <name>
  BLOCKED_OBJECT_TYPES_FOR_CREATION = ( <type> [ , ... ] )
  [ COMMENT = '<string-literal>' ]

Parameters¶

name

Specifies the identifier for the feature policy.

In addition, the identifier must start with an alphabetic character and cannot contain spaces or special characters unless the entire identifier string is enclosed in double quotes (for example, "My object"). Identifiers enclosed in double quotes are also case-sensitive.

For more information, see Identifier requirements.

BLOCKED_OBJECT_TYPES_FOR_CREATION = ( type [ , ... ] )

Specifies a list of objects that an app can’t create in the consumer account. The following objects can be blocked:

• COMPUTE POOLS

• WAREHOUSES

• TASKS

• DATABASES

COMMENT = 'string_literal'

String (literal) that specifies a comment for the feature policy.

Default: No value

Access control requirements¶

A role used to execute this operation must have the following privileges at a minimum:

The USAGE privilege on the parent database and schema are required to perform operations on any object in a schema.

For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.

For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.

Usage notes¶

• If a policy is bound to an object, for example an account or an app, the policy cannot be replaced. Use the ALTER FEATURE POLICY to update or rename the feature policy.

Examples¶

The following example creates a new feature policy that prohibits an app from creating a database:

CREATE FEATURE POLICY block_create_db_policy
  BLOCKED_OBJECT_TYPES_FOR_CREATION = (DATABASES);

The following example creates a new feature policy, but doesn’t specify any objects to prohibit.

CREATE FEATURE POLICY block_nothing_policy
  BLOCKED_OBJECT_TYPES_FOR_CREATION = ();