Snowflake Data Clean Rooms: Provider API reference guide¶

Overview¶

This reference guide lists the stored procedures in the Clean Rooms API that allow a provider to create, configure, and share a clean room.

Procedures exist inside the following schemas:

samooha_by_snowflake_local_db.provider - Provider-specific procedures. These procedures can be called only on clean rooms that were created by the current account.
samooha_by_snowflake_local_db.consumer - Consumer-specific procedures. These procedures can be called only on clean rooms to which the current account was invited as a consumer.
samooha_by_snowflake_local_db.library - General procedures called by either the clean room creator (provider) or a clean room collaborator (consumer).

These procedures are accessible by any command-line environment that supports Snowflake procedures, including notebooks, workbooks, and the CLI.

Requirements¶

The API requires the samooha_app_role role and the app_wh warehouse. Execute the following commands before using any procedures described here:

USE ROLE samooha_app_role;
USE WAREHOUSE app_wh;

Copy

If you don’t have the SAMOOHA_APP_ROLE role, contact your account administrator.

Create, configure, and delete clean rooms¶

provider.view_cleanrooms¶

Description: Lists all existing clean rooms that were created by this provider account.

Arguments: None

Returns: (Table) A list of clean rooms created by this provider account. Clean rooms need not be shared to, installed, or used by consumers. Deleted clean rooms are expunged from the database, and do not appear in this list.

Example:

call samooha_by_snowflake_local_db.provider.view_cleanrooms();

Copy

provider.describe_cleanroom¶

Description: Get a summary of information about a clean room, such as templates, join policies, column policies, and consumers.

Arguments:

cleanroom_name (String) - Name of the clean room to get information about.

Returns: (String) A summary of clean room metadata.

Example:

call samooha_by_snowflake_local_db.provider.describe_cleanroom($cleanroom_name);

Copy

provider.cleanroom_init¶

Description: Creates a clean room with the specified name in your account. This procedure can take a minute or more to run. The clean room will not be visible in the web app or to collaborators until after you call create_or_update_cleanroom_listing.

Arguments:

cleanroom_name (String) - Clean room name, 80 characters maximum. Name includes [A‑Z,a‑z,0‑9, ,_].
distribution (String, Optional) - One of the following values:
- INTERNAL (Default) - Clean room is visible only to users in the same organization and does not trigger a security scan before changing the default version.
- EXTERNAL - Clean room is production ready and can be shared outside the organization. The clean room triggers a security scan before changing the default version. If you want to change the distribution after a clean room is created, call alter package as shown here:
  alter application package samooha_cleanroom_<CLEANROOM_ID> SET DISTRIBUTION = EXTERNAL;
  Copy

Returns: (String) Success or failure message.

Example:

-- Create an internal clean room
call samooha_by_snowflake_local_db.provider.cleanroom_init($cleanroom_name, 'INTERNAL');

Copy

provider.set_default_release_directive¶

Description: Specifies the version and patch of a clean room loaded by collaborators when they start a new browser session in the web app, or access the clean room from an API. This must be called before the clean room can be shared with consumers.

The clean room application creates a new version of a clean room whenever you upload or change Python code. If you want users to be served the newest version, call this procedure with the new version number. To see the available versions, and learn the current default version, run:

show versions in application package samooha_cleanroom_<CLEANROOM_ID>;

Copy

All clean rooms are created with the following version and patch numbers:

version: V1_0
patch: 0

Note

If the clean room distribution is set to EXTERNAL, this procedure can be called only after the clean room security scan moves to an APPROVED state. To see the security status, call view_cleanrooom_scan_status.

Arguments:

cleanroom_name (String) - Clean room name.
version (String) - Version. Must always be “V1_0”.
patch (String) - Patch number loaded by the consumer. This starts at 0, and you should increment it whenever a new clean room version is available. You can see the available versions as described above.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.set_default_release_directive($cleanroom_name, 'V1_0', '0');

Copy

provider.drop_cleanroom¶

Description: Delete the clean room. Collaborators who have the clean room installed can no longer access or use it. The clean room will no longer appear in the web app the next time the browser is refreshed.

Arguments:

cleanroom_name (String) - Name of the clean room to delete.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.drop_cleanroom($cleanroom_name);

Copy

provider.enable_consumer_run_analysis¶

Description: Enables the consumer to run analyses in the clean room. This capability is enabled by default in all new clean rooms, so this procedure need only be run if you have explicitly disabled consumer-run analysis for a clean room.

Important

This procedure must be called before a consumer installs a clean room. If this capability is changed after a clean room is installed, then the clean room must be reinstalled to reflect the new configuration.

Arguments:

cleanroom_name (String) - Name of the clean room in which consumer-run analyses are allowed.
consumer_accounts (Array of string) - Account locators of all consumers to enable this feature for. NOTE: These consumers must already have been added to the clean room.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.enable_consumer_run_analysis($cleanroom_name, ['<CONSUMER_ACCOUNT_LOCATOR_1>']); 

Copy

provider.disable_consumer_run_analysis¶

Description: Prevents the specified consumers from running analyses in the specified clean room. By default, all consumers are allowed to run an analysis in a clean room.

Important

This procedure must be called before a consumer installs a clean room. If this is changed after a consumer has already installed their clean room, then they will need to reinstall the clean room to reflect the new configuration.

Arguments:

cleanroom_name (String) - Clean room where consumer-run analysis is being disabled.
consumer_accounts (Array of string) - Account locators of consumers that cannot run an analysis in this clean room. NOTE: These consumers must already have been added to the clean room.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.disable_consumer_run_analysis($cleanroom_name, ['<CONSUMER_ACCOUNT_LOCATOR_1>']); 

Copy

library.is_consumer_run_enabled¶

Description: Checks if this clean room allows consumer-run analyses.

Arguments:

cleanroom_name (String) - Name of the clean room to check.

Returns: (String) Whether or not this clean room allows consumer-run analyses.

Example:

call samooha_by_snowflake_local_db.library.is_consumer_run_enabled($cleanroom_name)

Copy

provider.create_or_update_cleanroom_listing¶

Description: Publishes a new clean room or updates an existing clean room. You should call this method whenever you make changes to a clean room to ensure that the changes are propagated to consumers.

When publishing a clean room for the first time, it can take a while for the clean room to become visible in the web app (up to 15 minutes).

If you make updates to a clean room without calling this method afterwards, there is no guarantee that the changes will be propagated to consumers.

Note

You must set the release directive at least once before calling this procedure. For more information, see provider.set_default_release_directive.

Arguments:

cleanroom_name (String) - Name of the clean room to publish or update.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.create_or_update_cleanroom_listing($cleanroom_name);

Copy

provider.add_ui_form_customizations¶

Description: Defines a UI for a template in a clean room when accessed in the web app. This is useful when allowing consumers to choose template parameters, such as tables or columns. At a minimum, you must specify values for display_name, description, and methodology in the template_information argument.

Arguments:

cleanroom_name (String) : The name of the clean room that contains this template. The submitted form applies only to the specified template in the specified clean room.
template_name (String): Name of the template to which this UI applies. This is not the user-visible title, which is specified using the template_information.display_name field.
template_information (Dict): Information displayed to the user in the UI. Contains the following fields:
- display_name (Required): Display name of the template in the web app.
- description (Required): Description of the template.
- methodology(Required): Description of how the consumer should use the form to execute an analysis.
- warehouse_hints (Object): Recommends what type of warehouse to use to run the analysis. This is an object with the following fields:
  - warehouse_size: See warehouse_size in CREATE WAREHOUSE for valid values.
  - snowpark_optimized (Boolean): Whether to use a Snowpark-optimized warehouse to process the query. For most machine learning use cases, Snowflake recommends TRUE.
- render_table_dropdowns (Object): Whether to show the default dropdown lists that let the user select which provider and/or consumer tables to use in the query. This is an object with the following fields:
  - render_consumer_table_dropdown: (Boolean, Default = TRUE) If TRUE, show the default consumer table selector. If FALSE, hide the consumer tables selector. The template can access the chosen values as a list using the my_table template variable.
  - render_provider_table_dropdown: (Boolean, Default = TRUE) If TRUE, show the default provider table selector. If FALSE, hide the provider tables selector. The template can access the chosen values as a list using the source_table template variable.
details (Dict): Defines user-configurable input fields that pass values to the template. This is a dictionary of key/object pairs, each pair representing one user-configurable UI element. The key is an arbitrary string name that is exposed as a variable to the JinjaSQL template. The value is an object that defines the UI element. Each object has the following fields:
```
<field_name>: {
  'display_name': <string>,
  'description': <string>,
  'methodology': <string>,
  ['type': <enum>,]
  ['default': <value>,]
  ['choices': <string array>,]
  ['infoMessage': <string>,]
  ['size': <enum>]
  ['required': <bool>,]
  ['group': <string>,]
  ['references': <enum>]
  ['provider_parent_table_field':  <string>,]
  ['consumer_parent_table_field': <string>]
}
```
Copy
- display_name (Required): Display name of the UI element
- description (Required): Description appearing under the name
- methodology (Required): Description of how the consumer should use the form to execute an analysis
- type: The type of UI element. If references is specified for this input field, then omit this entry (the type is determined for you). Supported values:
  - any (Default): Regular text entry field.
  - boolean: True/False selector
  - integer: Use arrows to change the number
  - multiselect: Select multiple items from a dropdown list
  - dropdown: Select one item from a dropdown list
  - date: Date selector
- default: Default value of this element
- choices: (Array of string) List of choices for dropdown and multiselect elements
- infoMessage: Informational hovertext shown next to the element
- size: Element size. Supported values: XS, S, M, L, XL
- required: Whether a value is required by the user. Specify TRUE or FALSE.
- group: A group name, used to group items in the UI. Use the same group name for items that should be grouped together in the UI. If you hide the default dropdown lists, you can use the {{ source_table }} and {{ my_table}} special arguments in the custom template, then define your own dropdown list that contains the desired tables. For more information about using these special variables when defining the custom template, see provider.add_custom_sql_template.
- references: Creates a dropdown list containing tables or columns that are available in the clean room without having to know them in advance or list them individually. If used, type must be either “multiselect” or “dropdown”. The following string values are supported:
  - PROVIDER_TABLES: Dropdown list of all the provider’s tables in the clean room accessible by the user
  - PROVIDER_JOIN_POLICY: Dropdown list of all columns that can be joined on from the provider table specified by provider_parent_table_field
  - PROVIDER_COLUMN_POLICY: Dropdown list of all columns with a column policy in the provider table specified by provider_parent_table_field
  - CONSUMER_TABLES: Dropdown list of all the consumer’s tables in the clean room accessible by the user
  - CONSUMER_COLUMNS: Dropdown list of all columns in the consumer table specified by consumer_parent_table_field that can be accessed by the user. You should not use consumer column references in provider-run templates, as the consumer might apply join and column policies, which might lead to a query failing when the policy for the column is not being respected.
  - CONSUMER_JOIN_POLICY: Dropdown list of all columns that can be joined on from the consumer table specified by consumer_parent_table_field
  - CONSUMER_COLUMN_POLICY: Dropdown list of all columns with a column policy in the consumer table specified by consumer_parent_table_field
- provider_parent_table_field: Specify the name of the UI element where the user selects a provider table (don’t provide the table name itself here). Use only when references is set to PROVIDER_COLUMN_POLICY or PROVIDER_JOIN_POLICY.
- consumer_parent_table_field: Specify the name of the UI element where the user selects a consumer table (don’t provide the table name itself here). Use only when references is set to CONSUMER_COLUMNS, CONSUMER_JOIN_POLICY, or CONSUMER_COLUMN_POLICY.
output_config (Dict) Defines how to display template results graphically in the web application. If not provided, the results are not displayed in a graph, only in a table. If you do not want a graph, provide an empty object {} for this argument. Allowed fields:
- measure_columns: Names of columns containing measures and dimensions to use in the graph generated by the web application.
- default_output_type: The default format to display the results. The user will typically be able to change the display format in the UI if the data is in the proper format. Supported types:
  - TABLE: (Default) Tabular format
  - BAR: Bar chart, which is good for comparing different categories
  - LINE: Line chart, which is good for showing trends over time or continuous data
  - PIE: Pie chart, which is suitable for showing proportions or percentages

Returns: (String) Success or failure message.

Example:

-- Specify the display name, description, and warehouse, and hide the default table dropdown lists. 
-- Define the following two fields in the UI:
--   A provider table selector that shows all provider tables. Chosen tables can be accessed by the template with the variable 'a_provider_table'
--     (This dropdown list is equivalent to setting `render_table_dropdowns.render_provider_table_dropdown: True`)
--   A column selector for the tables chosen in 'a_provider_table'. Chosen columns can be accessed by the template with the variable 'a_provider_col'

call samooha_by_snowflake_local_db.provider.add_ui_form_customizations(
    $cleanroom_name,
    'prod_custom_template',
    {
        'display_name': 'Custom Analysis Template',
        'description': 'Use custom template to run a customized analysis.',
        'methodology': 'This custom template dynamically renders a form for you to fill out, which are then used to generate a customized analysis fitting your request.',
        'warehouse_hints': {
            'warehouse_size': 'xsmall',
            'snowpark_optimized': FALSE
        },
        'render_table_dropdowns': {
            'render_consumer_table_dropdown': false,
            'render_provider_table_dropdown': false
        },
        'activation_template_name': 'activation_my_template',
        'enabled_activations': ['consumer', 'provider']  
    },    
    {
        'a_provider_table': {
            'display_name': 'Provider table',
            'order': 3,
            'description': 'Provider table selection',
            'size': 'S',
            'group': 'Seed Audience Selection',
            'references': ['PROVIDER_TABLES'],
            'type': 'dropdown'
        },
        'a_provider_col': {
            'display_name': 'Provider column',
            'order': 4,
            'description': 'Which col do you want to count on',
            'size': 'S',
            'group': 'Seed Audience Selection',
            'references': ['PROVIDER_COLUMN_POLICY'],
            'provider_parent_table_field': 'a_provider_table',
            'type': 'dropdown'
        }
    },
    {
        'measure_columns': ['col1', 'col2'],
        'default_output_type': 'PIE'
    }
);

Copy

Register and unregister data¶

Use the following command to register and unregister databases, schemas, and objects. Tables and views must be registered before they can be linked into the clean room. If you register a database or schema, all of the objects in that database or schema are registered.

Learn more about registering data.

provider.register_db¶

Description: Enables a database and all objects within it to be linked into individual clean rooms in this clean room environment. This procedure grants USAGE and SELECT privileges on the database to SAMOOHA_APP_ROLE, which is used by the clean room environment to access data.

You must have MANAGE GRANTS access on the database to call this procedure. Other providers in this clean room environment can then link these objects into their own clean rooms without needing their own SELECT privilege.

Learn more about registering data.

Important

This procedure does not register any objects created after it was called. If new objects were added to the database and you want to register those as well, you must call this procedure again.

Arguments:

db_name (String) - Name of database to register.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.register_db('SAMOOHA_SAMPLE_DATABASE');

Copy

library.register_schema¶

Description: Similar to register_db, but operates at a schema level. You must have MANAGE GRANTS privilege on the schema to call this procedure.

This procedure grants USAGE and SELECT privileges on the schema to SAMOOHA_APP_ROLE, which is used by the clean room environment to access data.

If you want to register a managed access schema (that is, a schema created using the WITH MANAGED ACCESS parameter), use library.register_managed_access_schema instead.

Important

This procedure does not register any objects created after it was called. If new objects were added to the database and you want to register those as well, you must call this procedure again.

Arguments:

schema_name (Array of string) - An array of one or more fully qualified schema names to register.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.library.register_schema(['SAMOOHA_SAMPLE_DATABASE.DEMO']);

Copy

library.register_managed_access_schema¶

Description: Similar to register_schema, but registers a schema that was created using the WITH MANAGED ACCESS parameter. You must have MANAGE GRANTS privileges on the schema to call this procedure.

This procedure grants use privileges on the managed schema to SAMOOHA_APP_ROLE, which is used by the clean room environment to access data.

Important

This procedure does not register any objects created after it was called. If new objects were added to the database and you want to register those as well, you must call this procedure again.

Arguments:

schema_name (Array of string) - An array of one or more fully qualified schema names.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.library.register_managed_access_schema(['SAMOOHA_SAMPLE_DATABASE.DEMO']);

Copy

library.register_objects¶

Description: Grants the clean room access to tables and views of all types, making them available to be linked into the clean room by calling provider.link_datasets. You can register broader groups of objects by calling library.register_schema, library.register_managed_access_schema, or provider.register_db.

This procedure grants use privileges on the object to SAMOOHA_APP_ROLE, which is used by the clean room environment to access data.

You must have MANAGE GRANTS privilege on the object to call this procedure. This procedure cannot be used to register a database.

Arguments:

object_names (array) - Array of fully qualified object names. These objects can then be linked into the clean room.

Returns: (String) Success or failure message.

Examples

To register a table and a view:

call samooha_by_snowflake_local_db.library.register_objects(
    ['SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS','SAMOOHA_SAMPLE_DATABASE.INFORMATION_SCHEMA.FIELDS']);

Copy

library.unregister_db¶

Description: Reverses the register_db procedure and removes the database-level grants given to the SAMOOHA_APP_ROLE role and Snowflake Data Clean Room native application. This also removes any database from the selector in the web app.

Arguments:

db_name (String) - Name of the database to unregister.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.library.unregister_db('SAMOOHA_SAMPLE_DATABASE');

Copy

library.unregister_schema¶

Description: Unregisters a schema, which prevents users from linking its tables and views into the clean room.

If you want to unregister a managed access schema (that is, a schema created using the WITH MANAGED ACCESS parameter), use library.unregister_managed_access_schema instead.

Arguments:

schema_name (array) - Schemas to unregister.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.library.unregister_schema(['SAMOOHA_SAMPLE_DATABASE.DEMO']);

Copy

library.unregister_managed_access_schema¶

Description: Similar to unregister_schema, but unregisters a schema that was created using the WITH MANAGED ACCESS parameter.

Arguments:

schema_name (array) - Managed schemas to unregister.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.library.unregister_managed_access_schema(['SAMOOHA_SAMPLE_DATABASE.DEMO']);

Copy

library.unregister_objects¶

Description: Revokes clean room access to tables and views of all types. Objects will no longer be available to any users in any clean rooms managed by this account.

Arguments:

object_names (array) - Array of fully-qualified object names for which access should be revoked.

Returns: (String) Success or failure message.

Examples

To unregister a table and a view:

call samooha_by_snowflake_local_db.library.unregister_objects(
    ['SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS','SAMOOHA_SAMPLE_DATABASE.INFORMATION_SCHEMA.FIELDS']);

Copy

Link data and tables¶

Use the following commands to add or remove tables and views in a clean room.

provider.view_provider_datasets¶

Description: Views all datasets that have been added to the clean room.

Arguments:

cleanroom_name (String) - Clean room name.

Returns: (Table) List of provider datasets in this clean room.

Example:

call samooha_by_snowflake_local_db.provider.view_provider_datasets($cleanroom_name);

Copy

provider.link_datasets¶

Description: Links a Snowflake table or view into the clean room. The procedure automatically makes the table accessible to the clean room by creating a secure view of the table within the clean room, thereby avoiding any need to make a copy of your table. The table is still linked to its source, so updates in the source will be reflected in the secure version within the clean room.

Any items linked here must be registered first, at the database, schema, or object level.

Arguments:

cleanroom_name (String) - Name of the clean room with access to the objects.
tables_list (Array of string) - List of tables or views to link into the clean room. Objects must be registered before they can be linked in.
consumer_list (Array of string, Optional) - If present, allows only consumers listed here to access these objects. If absent, allows anyone with access to the clean room to access this data.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.link_datasets(
  $cleanroom_name, ['SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS', 'SAMOOHA_SAMPLE_DATABASE.DEMO.EXPOSURES']);

Copy

Note

Before linking a view into the clean room, a user with the ACCOUNTADMIN role must execute the following in Snowflake:

grant reference_usage on database <DB NAME> to share in application package samooha_cleanroom_<cleanroom_name>;

Copy

provider.unlink_datasets¶

Description: Removes access to the specified tables in the specified clean room for all users. Specified tables must have been linked by the provider.

Arguments:

cleanroom_name (String) - Name of clean room linked to these data sets.
tables_list (array) - Array of table or view names to unlink from the clean room.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.unlink_datasets($cleanroom_name, ['SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS', 'SAMOOHA_SAMPLE_DATABASE.DEMO.EXPOSURES']);

Copy

provider.view_provider_datasets¶

Description: View all tables and views linked into the specified clean room by any provider in this account.

Arguments:

cleanroom_name (String) - Name of the clean room.

Returns: Table of objects linked into the specified clean room, along with the clean room’s internal view name for each object.

Example:

call samooha_by_snowflake_local_db.provider.view_provider_datasets($cleanroom_name);

Copy

provider.restrict_table_options_to_consumers¶

Description: Controls whether a particular consumer can access a table in the clean room. This procedure is replace only, so only the users specified here will be able to access a table listed here. Consumers granted access through provider.link_datasets, a previous call to this procedure, or any other procedure will lose access to a table listed here if they are not in the list.

Arguments:

*cleanroom_name (String)
*access_details(Object) - A JSON object, where the name is the fully qualified name of a table or view, and the value is an array of account locators.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.restrict_table_options_to_consumers(
    $cleanroom_name,
    {
        'DB.SCHEMA.TABLE1': ['CONSUMER_1_LOCATOR'],
        'DB.SCHEMA.TABLE2': ['CONSUMER_1_LOCATOR', 'CONSUMER_2_LOCATOR']
    }
);

Copy

Manage join policies¶

Join policies in data clean rooms are not the same as Snowflake-wide join policies. Join policies for clean rooms are set only by using this procedure; join policies set on tables outside of clean rooms are ignored by clean rooms.

provider.view_join_policy¶

Description: Shows the join policies currently applied to the clean room.

Arguments:

cleanroom_name (String) - Name of the clean room to query.

Returns: (Table) List of joinable rows on all tables or views in the clean room.

Example:

call samooha_by_snowflake_local_db.provider.view_join_policy($cleanroom_name);

Copy

provider.set_join_policy¶

Description: Specifies which columns the consumer can join on when running templates within this clean room. Note that the policy is replace only, so if the procedure is called again, the previously set join policy is completely replaced by the new one.

Important

Join policies are enforced only when the template applies the join_policy or join_and_column_policy JinjaSQL filters to join rows.

Note

Arguments:

cleanroom_name (String) - Name of the clean room where the join policy should be enforced.
table_and_col_names (Array of string) - Fully qualified column name in the format database_name.schema_name.table_or_view_name:column_name. Note the correct use of . versus : marks

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.set_join_policy($cleanroom_name, ['SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS:EMAIL', 'SAMOOHA_SAMPLE_DATABASE.DEMO.EXPOSURES:EMAIL']);

Copy

Manage provider templates¶

Use the following commands to add the templates/analyses that are supported in this clean room.

provider.view_added_templates¶

Description: Views the provider-added templates in the clean room. There is no method to list all templates in all clean rooms for this provider.

Arguments:

cleanroom_name (String) - Clean room to query.

Returns: (Table) - List of templates available in the specified clean room, with details about each template.

Example:

call samooha_by_snowflake_local_db.provider.view_added_templates($cleanroom_name);

Copy

provider.view_template_definition¶

Description: Shows information about a specific template. Consumers looking at a provider template should use consumer.view_template_definition.

Arguments:

cleanroom_name (String) - Name of the clean room with this template.
template_name (String) - Name of the template to request information about.

Returns: The template definition (String)

Example:

call samooha_by_snowflake_local_db.provider.view_template_definition($cleanroom_name, 'prod_overlap_analysis');

Copy

provider.add_templates¶

Description: Adds a list of templates to the clean room. This does not replace the existing template list.

Arguments:

cleanroom_name (String) - Name of the clean room to add templates to.
template_names (Array of string) - Name of the templates to add. These are Snowflake-provided templates only. To add a custom template, call add_custom_sql_template. Snowflake-provided template names include “prod_overlap_analysis”, and “prod_provider_data_analysis”.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.add_templates($cleanroom_name, ['prod_overlap_analysis']);

Copy

provider.clear_template¶

Description: Removes a specified template from the clean room.

Arguments:

cleanroom_name (String) - Name of the clean room.
template_name (String) - Name of the template to remove from that clean room.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.clear_template($cleanroom_name, 'prod_custom_template');

Copy

provider.clear_all_templates¶

Description: Removes all the templates that have been added to the clean room.

Arguments:

cleanroom_name (String) - Name of the clean room from which to remove all templates.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.clear_all_templates($cleanroom_name);

Copy

provider.set_column_policy¶

Description: Sets which columns in the data are available to a specified template in the clean room as non-join rows. Columns must be either declared here or in set_join_policy to be used in the clean room. Columns listed here can be used anywhere in the template except as a join column. A column cannot be listed in both a column policy and a join policy.

By default, the column policy for a table is empty, meaning that no columns are viewable in the results.

This procedure is replace entirely behavior, so each time it is called, it overwrites the previous column list entirely.

Note that the column policy checks are carried out by parsing the SQL query to be run against the data for any unauthorized columns. Queries with wildcards might not be caught using these checks, and discretion should be used when designing the analysis template. If some columns should really never be queried, consider creating a view of your source table that eliminates these sensitive columns, and link in that view instead.

Arguments:

cleanroom_name (String) - Name of the clean room.
analysis_and_table_and_cols(Array of string) - Array of columns that can be used by templates. Format is: template_name:full_table_name:column_name

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.set_column_policy($cleanroom_name,
['prod_overlap_analysis:SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS:STATUS',
 'prod_overlap_analysis:SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS:AGE_BAND',
 'prod_overlap_analysis:SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS:DAYS_ACTIVE']);

 -- Same example, but using a variable name for the template.
call samooha_by_snowflake_local_db.provider.set_column_policy($cleanroom_name,
[$template_name || ':SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS:STATUS',
 $template_name || ':SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS:AGE_BAND',
 $template_name || ':SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS:DAYS_ACTIVE']);

Copy

provider.view_column_policy¶

Description: Lists the column policies currently active in the clean room. A column policy says which table columns can be shown in which templates.

**Arguments:**cleanroom_name (String)

Returns: (Table) Which columns can be used in which templates.

Example:

call samooha_by_snowflake_local_db.provider.view_column_policy($cleanroom_name);

Copy

provider.add_custom_sql_template¶

Description: Adds a custom JinjaSQL template into the clean room. This makes the template callable by the consumer.

You can call this API more than once to add multiple custom templates to the clean room. The procedure overwrites any previous template with the same name in this clean room.

If the template is used by the consumer to activate results back to the provider, the command must meet the following requirements:

The name of the custom template must begin with the string activation. For example, activation_custom_template.
The template must create a table that begins with cleanroom.activation_data_. For example, CREATE TABLE cleanroom.activation_data_analysis_results AS ... .
The template must return the unique part of the table name that was created in the definition, which is the string appended to cleanroom.activation_data_. For example, return 'data_analysis_results'.

The JinjaSQL templates can access two global variables:

source_table: An array of provider tables. When the template is run using the web app, these are chosen by the consumer using a web form. When the template is run from code, these are passed in to consumer.run_analysis using the provider_tables argument.
my_table: An array of consumer tables. When the template is run using the web app, these are chosen by the consumer using a web form. When the template is run from code, these are passed in to consumer.run_analysis using the consumer_tables argument.

All provider/consumer tables must be referenced using these arguments since the name of the secure view actually linked to the clean room will be different to the table name. Critically, provider table aliases MUST be p (or p1), p2, p3, p4, etc. and consumer table aliases must be c (or c1), c2, c3, etc. This is required in order to enforce security policies in the clean room.

All user-specified columns in a custom JinjaSQL template should be checked for compliance with the join and column policies using the following filters:

join_policy: Checks if a string value or filter clause is compliant with the join policy
column_policy: Checks if a string value or filter clause is compliant with the column policy
join_and_column_policy: Checks if columns used for a join in a filter clause are compliant with the join policy, and that columns used as a filter are compliant with the column policy

For example, in the clause {{ where_clause | sqlsafe | join_and_column_policy }}, an input of where_clause = 'p.HEM = c.HEM and p.STATUS = 1' will be parsed to check if p.HEM is in the join policy and p.STATUS is in the column policy.

Note: Use the sqlsafe filter with great caution, because it allows collaborators to put pure SQL into the template.

Arguments:

cleanroom_name (String) - Name of the clean room to which this template is applied.
template_name (String) - Name of the template. Must be all lowercase letters, numbers, spaces, or underscores. Activation templates must have a name beginning with “activation”.
template (String) - The JinjaSQL template.
sensitivity(Float, Optional) - If differential privacy is enabled for this clean room, it specifies the amount of differential privacy noise applied to the data consumed by this template. Default is 1.0, no upper bound. Set this value to the maximum amount the query could change by excluding a single row from the results. Differential privacy must be enabled in this clean room for this argument to have any effect.
consumer_locators(Array of string, Optional) - An array of one or more account locators. If present, this template will be added to the clean room only for these accounts. You can later modify this list by calling provider.restrict_template_options_to_consumers. If you don’t specify a list of consumers, all consumers can use the custom template in the specified clean room.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.add_custom_sql_template(
    $cleanroom_name, 'prod_custom_template', 
    $$
select 
    identifier({{ dimensions[0] | column_policy }}) 
from 
    identifier({{ my_table[0] }}) c 
    inner join 
    identifier({{ source_table[0] }}) p 
    on 
        c.identifier({{ consumer_id  }}) = identifier({{ provider_id | join_policy }}) 
    {% if where_clause %} where {{ where_clause | sqlsafe | join_and_column_policy }} {% endif %};
    $$);

Copy

provider.restrict_template_options_to_consumers¶

Description: Controls which users can access a given template in a given clean room. This procedure overrides any access list specified previously by any other procedure for a clean room/template pair.

Arguments:

cleanroom_name (String) - The name of the clean room.
access_details(JSON object) - The name of a template and the users who can access that template in that clean room. If a template is specified, only users listed here can access that template in that clean room. This is an object with one child object per template in the following format: {'template_name': ['user1_locator','user2_locator','userN_locator']}

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.restrict_template_options_to_consumers(
    $cleanroom_name,
    {
        'prod_template_1': ['CONSUMER_1_LOCATOR', 'CONSUMER_2_LOCATOR']
    }
);

Copy

Consumer-defined templates¶

The following APIs allow you to approve or reject a request from a consumer to add a template to the clean room. A consumer-defined template is added to a clean room only if the provider approves the consumer’s request to add it. For more information, see Using the developer API to add consumer-defined templates.

provider.list_template_requests¶

Description: Lists all requests from consumers who want to add a consumer-defined template to a clean room. This includes pending, approved, and rejected requests. Use this to check for pending requests and approve them (provider.approve_template_request) or reject them (provider.reject_template_request).

Important

You must call provider.mount_request_logs_for_all_consumers on a clean room once before calling this procedure. There’s no need to call it more than once.

Arguments:

cleanroom_name (String) - View consumer requests to add a template to this clean room.

Returns: A table with the following values, among others:

request_id (String) - ID of the request, needed to accept or reject the request. consumer_identifier (String) - Account locator of the person making the request. template_name (String) - Name of the consumer-provided template. template_definition (String) - Full definition of the consumer-proposed template. status (String) - Status of the request: PENDING, APPROVED, REJECTED.

Example:

call samooha_by_snowflake_local_db.provider.list_template_requests($template_name);

Copy

provider.approve_template_request¶

Description: Approves a request to add a template to the clean room.

Arguments:

cleanroom_name (String) - Name of the clean room the user wants to add the template to.
request_id (String) - ID of the request to approve. Call provider.list_template_requests to see request IDs.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.approve_template_request('dcr_cleanroom', 
    '01b4d41d-0001-b572');

Copy

provider.reject_template_request¶

Description: Rejects a request to add a template to a clean room.

Arguments:

cleanroom_name (String) - Name of the clean room the user wants to add the template to.
request_id (String) - ID of the request to reject. Call provider.list_template_requests to see request IDs.
reason_for_rejection (String) - Reason for rejecting the request.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.reject_template_request('dcr_cleanroom',
  '01b4d41d-0001-b572',
  'Failed security assessment');

Copy

Template chains¶

Use the following commands to create and manage template chains.

provider.add_template_chain¶

Description: Creates a new template chain. Templates must exist before being added to the template chain. After a template chain is created, it cannot be modified, but you can create a new template chain with the same name to overwrite the old one.

Arguments:

cleanroom_name (String) - Name of the clean room where the template chain should be added.
template_chain_name (String) - Name of the template chain.
templates(Array of objects) - Array of objects, one per template. The object can contain the following fields:
- template_name (String) - Specifies the template being added to the template chain. The template must already be added to the clean room by calling provider.add_template_chain.
- cache_results (Boolean) - Determines whether the results of the template are temporarily saved so other templates in the template chain can access them. To cache results, specify TRUE.
- output_table_name (String) - When cache_results = TRUE, specifies the name of the Snowflake table where template results are stored.
- jinja_output_table_param (String) - When cache_results = TRUE, specifies the name of the Jinja parameter that other templates must include to accept the results that are stored in output_table_name.
- cache_expiration_hours (integer) - When cache_results = TRUE, specifies the number of hours before the results in the cache are dropped. When the cache expires, the next time the template chain is executed, the cache is refreshed with the results of the template.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.add_template_chain(
  $cleanroom_name,
  'my_chain',
  [
    {
      'template_name': 'crosswalk',
      'cache_results': True,
      'output_table_name': 'crosswalk',
      'jinja_output_table_param': 'crosswalk_table_name',
      'cache_expiration_hours': 2190
    },
    {
      'template_name': 'transaction_insights',
      'cache_results': False
    }
  ]
);

Copy

provider.view_added_template_chains¶

Description: Lists the template chains in the specified clean room.

Arguments:

cleanroom_name (String) - Name of the clean room.

Returns: (Table) Description of all template chains added to this clean room.

Example:

call samooha_by_snowflake_local_db.provider.view_added_template_chains($cleanroom_name);

Copy

provider.view_template_chain_definition¶

Description: Returns the definition of a template chain.

Arguments:

cleanroom_name (String) - Name of the clean room associated with this template chain.
template_chain_name (String) - Name of the template chain associated with this clean room.

Returns: (Table) Description of the specified template chain.

Example:

call samooha_by_snowflake_local_db.provider.view_template_chain_definition($cleanroom_name, 'my_chain');

Copy

provider.clear_template_chain¶

Description: Deletes a specified template chain from a specified clean room. The chain is not stored anywhere, so if you want to recreate the chain, you must recreate it from scratch.

Arguments:

cleanroom_name (String) - The clean room that is assigned this template chain.
template_chain_name (String) - The template chain to remove from this clean room.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.clear_template_chain($cleanroom_name, 'my_chain');

Copy

provider.clear_all_template_chains¶

Description: Deletes all template chains from the specified clean room.

Arguments:

cleanroom_name (String) - Name of the clean room from which to delete all template chains.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.clear_all_template_chains($cleanroom_name);

Copy

Multi-provider analysis¶

These procedures enable multi-provider analysis.

provider.enable_multiprovider_computation¶

Description: This procedure enables tables from multiple Snowflake clean rooms, and possibly different providers, to be used by a single template provided by the consumer. Specify which of your clean rooms can be queried in combination with which other clean rooms by which other users.

Arguments:

cleanroom_name (String) - Name of a clean room that you own. All data in this clean room can be shared with other clean rooms listed below when requested by the user listed below.
consumer_account (String) - Account locator of a consumer who is allowed to make the request and, if approved, run a query against any tables in this clean room combined with data from any clean rooms listed in approved_other_cleanrooms.
approved_other_cleanrooms (Array of string) - Array of fully qualified clean room names with which data from this clean room can be combined. The format of each entry is provider_org_name.provider_account_name.cleanroom_name.

Returns: (String) Success or failure message.

Example:

CALL samooha_by_snowflake_local_db.provider.enable_multiprovider_computation(
  $cleanroom_name,
  $consumer_account_locator,
  'org1.account123',
  $cleanroom_name_2);

Copy

provider.process_multiprovider_request¶

Description: Evaluates a multi-clean-room query request sent by a consumer. Requests are evaluated based on factors such as the age of the request, and whether the requestor and clean rooms are listed in a previous call to provider.enable_multiprovider_computation. Requests that pass the evaluation are approved.

By default, all multiprovider requests must be handled using this procedure. If you prefer that requests are handled automatically, call provider.resume_multiprovider_tasks.

After the request is evaluated, the request and evaluation status are written to the

samp:: samooha_cleanroom_${CLEANROOM_NAME}.admin.request_log_multiprovider table (and the request is approved, if it passes the evaluation). You can see a list of requests and evaluation status by querying that table:

SELECT * FROM samooha_cleanroom_Samooha_Cleanroom_Multiprovider_Clean_Room_1.admin.request_log_multiprovider;

Copy

An approved request allows the same consumer to run the same query against the same data as many times as they like. If you later want to revoke permission, you must set the approved status to FALSE in the logging table:

UPDATE samooha_cleanroom_Samooha_Cleanroom_Multiprovider_Clean_Room_1.admin.request_log_multiprovider SET APPROVED=False WHERE <CONDITIONS>;

Copy

Arguments:

cleanroom_name (String) - The name of your clean room, which a consumer is asking to include in a multi-provider analysis.
consumer_account (String) - The consumer account locator of the user requesting multi-provider analysis. This locator must have been approved for this clean room and the other clean rooms listed in the request in a call to provider.enable_multiprovider_computation.
request_id (String) - Request ID to approve, from provider.view_multiprovider_requests. Alternatively, pass in “-1” to approve all pending requests. Calling this with a previously processed request will fail.

Returns: (String) Success or failure message.

Example:

CALL samooha_by_snowflake_local_db.provider.process_multiprovider_request($cleanroom_name_1, $consumer_account_locator, $request_id);

Copy

provider.view_multiprovider_requests¶

Description: Shows all requests for multi-provider analysis from a given account and clean room.

Arguments:

cleanroom_name (String) - Show requests that involve this clean room.
consumer_account (String) - Show requests from this consumer account.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.process_multiprovider_request('my_cleanroom', [ 
    'prod_overlap_analysis:SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS:HASHED_EMAIL',  
    'prod_overlap_analysis:SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS:REGION_CODE' ]);

Copy

provider.suspend_multiprovider_tasks¶

Description:

Arguments:

cleanroom_name (String) -
consumer_account (String) -

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.process_multiprovider_request('my_cleanroom', [ 
    'prod_overlap_analysis:SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS:HASHED_EMAIL',  
    'prod_overlap_analysis:SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS:REGION_CODE' ]);

Copy

provider.resume_multiprovider_tasks¶

Description:

Arguments:

cleanroom_name (String) -
consumer_account (String) -

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.process_multiprovider_request('my_cleanroom', [ 
    'prod_overlap_analysis:SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS:HASHED_EMAIL',  
    'prod_overlap_analysis:SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS:REGION_CODE' ]);

Copy

Provider activation¶

Activation means exporting results to a provider, a consumer, or a third party. Read more about activation..

provider.set_activation_policy¶

Description: Defines which columns can be used within an activation template. Ensures that only columns approved by the provider can be used with the activation template.

Arguments:

cleanroom_name (String) - Name of the clean room where activation should be allowed.
columns (Array of string) - Only columns listed here can be used in an activation template in this clean room. Column name format is template_name:fully_qualified_table_name:column_name. Note the proper usage of dot . and colon : markers.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.set_activation_policy('my_cleanroom', [ 
    'prod_overlap_analysis:SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS:HASHED_EMAIL',  
    'prod_overlap_analysis:SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS:REGION_CODE' ]);

Copy

Running analyses as a provider¶

Learn how to run a provider analysis.

provider.enable_provider_run_analysis¶

Description: Enables the provider (clean room creator) to run analyses in a specified clean room. This is disabled by default. The provider must still pass automated security checks for each analysis by calling provider.submit_analysis_request.

Learn more about provider-run analyses.

Important

This procedure must be called after provider.add_consumers, and before a consumer installs a clean room. If this is changed after a consumer has already installed their clean room, then the consumer must reinstall the clean room to reflect the new configuration.

Arguments:

cleanroom_name (String) - Name of the clean room that should enable provider-run analysis.
consumer_accounts (Array of string) - Account locators of all consumer accounts that have added data to this clean room.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.enable_provider_run_analysis($cleanroom_name, ['<CONSUMER_ACCOUNT_LOCATOR>']);

Copy

provider.disable_provider_run_analysis¶

Description: Prevents the provider (clean room creator) from running an analysis in the clean room (this is disabled by default).

Important

This procedure must be called after provider.add_consumers, and before a consumer installs a clean room. If this is changed after a consumer has already installed their clean room, then they will need to reinstall the clean room to reflect the new configuration.

Arguments:

cleanroom_name (String) - Name of the clean room where provider-run analysis should be disabled.
consumer_account_locator (String) - Same list of consumer account names passed to provider.enable_provider_run_analysis.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.disable_provider_run_analysis($cleanroom_name, ['<CONSUMER_ACCOUNT_LOCATOR>']);

Copy

library.is_provider_run_enabled¶

Description: Checks if this clean room allows provider-run analyses.

Arguments:

cleanroom_name (String) - Name of the clean room to check.

Returns: (String) Whether or not this clean room allows provider-run analyses.

Example:

call samooha_by_snowflake_local_db.library.is_provider_run_enabled($cleanroom_name)

Copy

provider.submit_analysis_request¶

Description: Asks permission from a consumer to run the specified template in the specified clean room. All of the following conditions must be met before calling this procedure:

The provider must have enabled provider-run analyses in this clean room.
The consumer must have approved provider-run analyses for the specified template.
All join and column policies on the consumer data and the template must be respected.

The template runs within the clean room and the results are stored securely inside the clean room. Results are encrypted so only the provider can see the results.

Arguments:

cleanroom_name (String) - Name of the clean room where the template should run.
consumer_account_locator (String) - Account locator of the consumer in this clean room who has allowed provider-run analyses by calling consumer.enable_templates_for_provider_run.
template_name (String) - Name of the template to run.
provider_tables (array) - List of provider tables to expose to the template. This list will populate the source_table array variable.
consumer_tables (array) - List of consumer tables to expose to the template. This list will populate the my_table array variable.
analysis_arguments (object) - JSON object where each key is an argument name used in the template you created.

Returns: (String) A request ID that is used to check the status of the request and also to access the results. Save this ID because you will need it to see the analysis results.

Example:

call samooha_by_snowflake_local_db.provider.submit_analysis_request(
    $cleanroom_name, 
    '<CONSUMER_ACCOUNT>',
    'prod_overlap_analysis', 
    ['SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS'], 
    ['SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS'], 
    object_construct(       
      'dimensions', ['c.REGION_CODE'],        
      'measure_type', ['AVG'],           
      'measure_column', ['c.DAYS_ACTIVE']                                         
    ));

Copy

provider.check_analysis_status¶

Description: The provider calls this procedure to check the status of the provider analysis request. There can be a significant delay before you can start seeing the status of a request. When an analysis is marked as complete, call provider.get_analysis_result to see the results.

Arguments:

cleanroom_name (String) - Name of the clean room where the request was made.
request_id (String) - ID of the request, returned by provider.submit_analysis_request.
consumer_account_locator (String) - Account locator of the consumer to whom the request was sent.

Returns: (String) Status of the request, where COMPLETED means a successful completion of the analysis.

Example:

-- It can take up to 2 minutes for this to pick up the request ID after the initial request
call samooha_by_snowflake_local_db.provider.check_analysis_status(
    $cleanroom_name, 
    $request_id, 
    '<CONSUMER_ACCOUNT>'
);

Copy

provider.get_analysis_result¶

Description: Get the results for a provider-run analysis. You must wait until the analysis status is listed as COMPLETED before you can get the results. The results persist in the clean room indefinitely.

Arguments:

cleanroom_name (String) - Name of the clean room for which the request was sent.
request_id (String) - ID of the request, returned by submit_analysis_request.
consumer_account_locator (String) - Account locator of the consumer passed in to submit_analysis_request.

Returns: (Table) Query results.

Example:

call samooha_by_snowflake_local_db.provider.get_analysis_result(
    $cleanroom_name, 
    $request_id, 
    $locator
);

Copy

Manage clean room sharing¶

Use the following commands to manage sharing a clean room with consumers.

provider.view_consumers¶

Description: Lists the consumers who are granted access to the clean room. It does not show whether a consumer has installed the clean room.

Arguments:

cleanroom_name (String) - The clean room of interest.

Returns: (Table) - List of consumer accounts that can access the clean room.

Example:

call samooha_by_snowflake_local_db.provider.view_consumers($cleanroom_name);

Copy

provider.add_consumers¶

Description: Grants the specified users access to the specified clean room. The clean room can be accessed both through the web app and the API. This does not overwrite the consumer lists from previous calls. Clean room access is granted to a specific user, not an entire account. Note that the consumer account must be in the same Snowflake region as the provider to be able to access a clean room. You can check your region by calling select current_region();

You can see the current list of consumers by calling provider.view_consumers.

Arguments:

cleanroom_name (String) - Name of the clean room to share with the specified users. Users can install the clean room using either the API or the web app.
consumer_account_locators (String) - A comma-delimited list of consumer account locators, as returned by CURRENT_ACCOUNT. This list should include the same number of entries, in the same order, as contained in consumer_account_names.
consumer_account_names (String) - A comma-delimited list of consumer account names in the format org_name.account_name Org name can be retrieved by calling CURRENT_ORGANIZATION_NAME. Account name can be retrieved by calling CURRENT_ACCOUNT_NAME. This list should include the same number of items, in the same order, as listed in consumer_account_locators.
enable_differential_privacy_tasks(boolean, optional, default: FALSE) - Whether or not to enable differential privacy for the listed users in this clean room. Differential privacy must be enabled for this clean room in order to specify TRUE.

Returns: (String) Success or failure message. Note that the procedure does not validate user locators or account names, so success indicates only that the submitted locators have been added to the database for this clean room.

Example 1:

call samooha_by_snowflake_local_db.provider.add_consumers($cleanroom_name, 'LOCATOR1,LOCATOR2', 'ORG1.NAME1,ORG2.NAME2');

Copy

provider.remove_consumers¶

Description: Removes account access to a given clean room. This method blocks access by all users in the provided accounts.

You can see the current list of consumers by calling provider.view_consumers.

Arguments:

cleanroom_name (String) - The ID of the clean room (not the user-friendly name).
cleanroom_account_locators (String) - A comma-delimited list of user account locators. All users in the account will lose access to the clean room.

Returns: (String) - Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.remove_consumers($cleanroom_name, 'locator1,locator2,locator3');

Copy

provider.set_cleanroom_ui_accessibility¶

Description: Shows or hides the clean room in the web app to all users logged in to this provider account.

Arguments:

cleanroom_name (String) - The name of the clean room.
visibility_status (String) - One of the following case-sensitive values:
- HIDDEN - Hides the clean room in the web app from all users in the current provider account. The clean room will still be accessible via API calls.
- EDITABLE - Makes the clean room visible in the web app.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.set_cleanroom_ui_accessibility($cleanroom_name, 'HIDDEN');

Copy

provider.enable_laf_for_cleanroom¶

Description: Enables Cross-Cloud Auto-Fulfillment, which allows you to share the clean room with collaborators whose Snowflake account is in a different region from the provider’s account. Cross-Cloud Auto-Fulfillment is also known as Listing Auto-Fulfillment (LAF).

By default, Cross-Cloud Auto-Fulfillment is turned off for new clean rooms, even if it is enabled for the environment.

Important

A Snowflake administrator with the ACCOUNTADMIN role must enable Cross-Cloud Auto-Fulfillment in your Snowflake account before you can execute this command. For instructions for enabling Cross-Cloud Auto-Fulfillment in the Snowflake account, see Collaborate with accounts in different regions.

There are additional costs associated with collaborating with consumers in other regions. For more information about these costs, see Cross-Cloud Auto-Fulfillment costs.

Arguments:

cleanroom_name (String) - The name of the clean room that should be shared across regions. Cross-Cloud Auto-Fulfillment must be enabled for the account by an administrator before individual clean rooms can be shared.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.enable_laf_for_cleanroom($cleanroom_name);

Copy

library.is_laf_enabled_on_account¶

Description: Returns whether Cross-Cloud Auto-Fulfillment is enabled for this account.

Returns: TRUE if Cross-Cloud Auto-Fulfillment is enabled for this account, FALSE otherwise.

Example:

call samooha_by_snowflake_local_db.library.is_laf_enabled_on_account();

Copy

Use Python in a clean room¶

provider.load_python_into_cleanroom¶

Description: Loads a custom Python function into the clean room. Code loaded into the clean room using this procedure is not visible to consumers. The uploaded code can be called by your Jinja template.

Learn how to upload and use Python code in a clean room.

This procedure increments the patch number of your clean room and triggers a security scan. You must wait for the scan status to be APPROVED before you can share the latest version with collaborators.

This procedure is overloaded, and has two signatures that differ in the data type of the fifth argument, which determines whether you are uploading the code inline or loading it from a file on a stage:

Signatures¶

Inline UDF upload:

(cleanroom_name String, function_name String, arguments Array, packages Array, rettype String, handler String, code String)

Copy

UDF upload from stage:

(cleanroom_name String, function_name String, arguments Array, packages Array, imports Array, rettype String, handler String)

Copy

Arguments:

cleanroom_name (String) - Name of the clean room where the script should be loaded.
function_name (String) - Name for this package. Use this name in your custom template to call the function specified by handler with any arguments described by arguments.
arguments(Array of string pairs) - An array of arguments required by function function_name. Each argument is a pair of space-delimited strings with the name of the argument and the argument SQL data type. This is used for user documentation and is not validated. For example: ‘size integer’, ‘month string’, ‘data variant’.
packages(Array of string) - List of Python package names used by the code. These must be standard Python packages; your UDFs cannot call other uploaded UDFs.
imports (Array of string with single element) - Present only when uploading your UDF from a stage. This is a string array with a single element: the stage address, relative to the stage to where you uploaded the code. The root stage path is available by calling provider.get_stage_for_python_files.
ret_type (String) - SQL data type of the value returned by the function handler. For example: ‘integer’, ‘variant’.
handler (String) - The entry point function in your code that should be called when a template calls function_name.
- For inline UDF this is the name of the function, for example: main.
- For code uploaded from a stage this is the name of the function qualified by the source file name, for example: myscript.main .
code (String) - Present only when uploading the UDF as inline code. This should be a Python UDF.

Returns: (String) Success or failure message.

Examples:

-- Inline UDF

call samooha_by_snowflake_local_db.provider.load_python_into_cleanroom(
    $cleanroom_name, 
    'assign_group',                      # Name of the UDF
    ['data variant', 'index integer'],   # Arguments of the UDF, along with their type
    ['pandas', 'numpy'],                 # Packages UDF will use
    'integer',                           # Return type of UDF
    'main',                              # Handler
    $$
import pandas as pd
import numpy as np

def main(data, index):
    df = pd.DataFrame(data)  # you can do something with df but this is just an example
    return np.random.randint(1, 100)
    $$
);

Copy

-- Upload from stage

call samooha_by_snowflake_local_db.provider.load_python_into_cleanroom(
    $cleanroom_name,
    'myfunc',                            # Name of the UDF
    ['data variant', 'index integer'],   # Arguments of the UDF
    ['numpy', 'pandas'],                 # Packages UDF will use
    ['/test_folder/assign_group.py'],    # Python file to import from a stage
    'integer',                           # Return type of UDF
    'assign_group.main'                  # Handler scoped to file name
);

Copy

provider.get_stage_for_python_files¶

Description: Returns the stage path where Python files should be uploaded, if you plan to use code files uploaded to a stage rather than inline code definitions to define custom Python code in a clean room. The stage does not exist, and can’t be examined, until after files are uploaded by calling provider.load_python_into_cleanroom.

Learn how to upload and use Python code in a clean room.

Arguments:

cleanroom_name (String) - Name of the clean room where you want to upload files.

Returns: (String) The path where you should upload code files. Use this for the imports argument in provider.load_python_into_cleanroom.

Example:

call samooha_by_snowflake_local_db.provider.get_stage_for_python_files($cleanroom_name);

Copy

provider.view_cleanrooom_scan_status¶

Description: Reports the threat scan status for a clean room with DISTRIBUTION set to EXTERNAL. The scan needs to be marked as “APPROVED” before you can set or change the default release directive. Scan status needs to be checked only with EXTERNAL clean rooms.

Arguments:

cleanroom_name (String) - Name of the clean room to check the status of.

Returns: (String) The scan status.

Example:

call samooha_by_snowflake_local_db.provider.view_cleanroom_scan_status($cleanroom_name);

Copy

Clean room metadata getter commands¶

Use the following commands to show relevant properties of the clean room.

provider.mount_request_logs_for_all_consumers¶

Description: Gives providers access to information coming back to the provider from the consumers of a clean room.

Arguments:

cleanroom_name (String) - Name of the clean room to mount request logs for.

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.mount_request_logs_for_all_consumers($cleanroom_name);

Copy

provider.view_request_logs¶

Description: Views the request logs being sent from consumers of this clean room. Before calling this for the first time, you must call mount_request_logs_for_all_consumers.

Arguments:

cleanroom_name (String) - Name of the clean room to review request logs for.

Returns: A set of logs recorded of the queries being run against the clean room (table)

Example:

call samooha_by_snowflake_local_db.provider.view_request_logs($cleanroom_name);

Copy

Differential privacy¶

These commands control differential privacy in the clean room. You can also specify differential privacy at the template or consumer level when calling provider.add_custom_sql_template or provider.add_consumers.

provider.is_dp_enabled_on_account¶

Description: Describes whether or not differential privacy is enabled for this account.

Arguments: None

Returns: TRUE if differential privacy is enabled for this account, FALSE otherwise.

Example:

call samooha_by_snowflake_local_db.provider.is_dp_enabled_on_account();

Copy

provider.suspend_account_dp_task¶

Description: Disables the task that listens for differential privacy signals. This is used to control the costs associated with differential privacy in your account. If the differential privacy task is disabled, differential privacy may or may not continue to operate in any existing templates where differential privacy is specified, although you will not incur costs from differential privacy. Learn more about managing differential privacy.

Arguments: None

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.suspend_account_dp_task();

Copy

provider.resume_account_dp_task¶

Description: Resumes the differential privacy task listener in the current account. Templates with differential privacy will begin to function again. Any differential privacy values previously set (such as sensitivity or associated users) are retained.

Arguments: None

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.resume_account_dp_task();

Copy

General helper commands¶

Use the following commands to generally assist in leveraging clean room functionality and supported flows.

library.enable_local_db_auto_upgrades¶

Description: Enables the task, samooha_by_snowflake_local_db.admin.expected_version_task, that automatically upgrades the Snowflake Data Clean Rooms Native App when new versions are released. Although you might reduce cost by disabling this task, we recommend leaving it running to ensure that you have the latest version of the clean rooms native app on your system.

Arguments: None

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.library.enable_local_db_auto_upgrades();

Copy

library.disable_local_db_auto_upgrades¶

Description: Disables the task, samooha_by_snowflake_local_db.admin.expected_version_task, that automatically upgrades the Snowflake Data Clean Rooms Native App when new versions are released.

**Arguments:**None

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.library.disable_local_db_auto_upgrades();

Copy

Deprecated procedures¶

The following procedures are deprecated and listed here only for completeness. If a replacement procedure is indicated, use the newer procedure.

provider.view_ui_registration_request_log – DEPRECATED¶

Attention

This command is now deprecated. You no longer need to manually register a clean room template for use in the web app.

Description: Views the list of requests raised from the account to register clean rooms into the web app. Each request has an associated ID that can be used in conjunction with the view_ui_registration_log procedure to view the status of the requests. The requests are shared to the backend where they are processed and the clean room is added into the clean room.

Arguments:

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.view_ui_registration_request_log();

Copy

library.register_table_or_view – Deprecated¶

Attention

This command is now deprecated. Use library.register_objects instead.

Description: Registers tables and views of all types.

**Arguments:**object_names (array), is_view (boolean), is_iceberg (boolean), is_external (boolean), is_under_managed_access_schema (boolean)

Returns: (String) Success or failure message.

Examples

To register a table:

call samooha_by_snowflake_local_db.library.register_table_or_view(
    ['SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS'],
    false,
    false,
    false,
    false);

Copy

To register an Iceberg table:

call samooha_by_snowflake_local_db.library.register_table_or_view(
        ['SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS'], 
        false, 
        true,
        false,
        false);

Copy

library.register_table – Deprecated¶

Attention

This command is now deprecated. Use library.register_objects instead.

Description: Similar to register_db, but operates at a table level. Grant SELECT privilege on this table to the SAMOOHA_APP_ROLE role, enabling the user to link the table into the clean room.

If you want to register tables in a managed access schema (that is, a schema created using the WITH MANAGED ACCESS parameter), use library.register_managed_access_table instead.

**Arguments:**table_name (array)

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.library.register_table(['SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS']);

Copy

library.register_managed_access_table – Deprecated¶

Attention

This command is now deprecated. Use library.register_objects instead.

Description: Similar to register_table, but registers tables in a schema that was created using the WITH MANAGED ACCESS parameter. An array or string representing the fully qualified table name can be passed in, and grant selects to the SAMOOHA_APP_ROLE role are made, enabling the user to link the table into the clean room.

**Arguments:**table_name (array)

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.library.register_managed_access_table(['SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS']);

Copy

library.register_view – Deprecated¶

Attention

This command is now deprecated. Use library.register_objects instead.

Description: Similar to register_db, but operates at a view level. An array or string representing the fully qualified view name can be passed in, and grant selects to the SAMOOHA_APP_ROLE role are made, enabling the user to link the view into the clean room.

If you want to register views in a managed access schema (that is, a schema created using the WITH MANAGED ACCESS parameter), use library.register_managed_access_view instead.

**Arguments:**view_name (array)

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.library.register_view(['SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS']);

Copy

library.register_managed_access_view – Deprecated¶

Attention

This command is now deprecated. Use library.register_objects instead.

Description: Similar to register_view, but registers views in a schema that was created using the WITH MANAGED ACCESS parameter. An array or string representing the fully qualified view name can be passed in, and grant selects to the SAMOOHA_APP_ROLE role are made, enabling the user to link the view into the clean room.

**Arguments:**view_name (array)

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.library.register_managed_access_view(['SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS']);

Copy

library.unregister_table_or_view – Deprecated¶

Attention

This command is now deprecated. Use library.unregister_objects instead.

Description: Unregisters tables and views of all types.

**Arguments:**object_names (array), is_view (boolean), is_iceberg (boolean), is_external (boolean), is_under_managed_access_schema (boolean)

Returns: (String) Success or failure message.

Examples

To unregister a table:

call samooha_by_snowflake_local_db.library.unregister_table_or_view(
    ['SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS'],
    false,
    false,
    false,
    false);

Copy

library.unregister_table – Deprecated¶

Attention

This command is now deprecated. Use library.unregister_objects instead.

Description: Similar to unregister_db, but operates at a table level. An array or string representing the fully qualified table name can be passed in to unregister the tables. Users cannot link unregistered tables into a clean room.

If you want to unregister tables in a managed access schema (that is, a schema created using the WITH MANAGED ACCESS parameter), use library.unregister_managed_access_table instead.

**Arguments:**table_name (array)

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.library.unregister_table(['SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS']);

Copy

library.unregister_managed_access_table – Deprecated¶

Attention

This command is now deprecated. Use library.unregister_objects instead.

Description: Similar to unregister_table, but unregisters tables in a managed access schema (that is, a schema created using the WITH MANAGED ACCESS parameter).

**Arguments:**table_name (array)

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.library.unregister_managed_access_table(['SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS']);

Copy

library.unregister_view – Deprecated¶

Attention

This command is now deprecated. Use library.unregister_objects instead.

Description: Similar to unregister_db, but operates at a view level. An array or string representing the fully qualified view name can be passed in to unregister the views. Users cannot link unregistered views into a clean room.

If you want to unregister views in a managed access schema (that is, a schema created using the WITH MANAGED ACCESS parameter), use library.unregister_managed_access_view instead.

**Arguments:**view_name (array)

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.library.unregister_view(['SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS']);

Copy

library.unregister_managed_access_view – Deprecated¶

Attention

This command is now deprecated. Use library.unregister_objects instead.

Description: Similar to unregister_view, but unregisters views in a managed access schema (that is, a schema created using the WITH MANAGED ACCESS parameter).

**Arguments:**view_name (array)

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.library.unregister_managed_access_view(['SAMOOHA_SAMPLE_DATABASE.DEMO.CUSTOMERS']);

Copy

provider.create_cleanroom_listing – Deprecated¶

Attention

This command is now deprecated. Use provider.create_or_update_cleanroom_listing instead.

Description: After a clean room has been configured, creates a private listing with the clean room on the Snowflake Marketplace and shares it with the specified collaborators.

You identify the collaborator using the orgname.account_name format of their account URL. The consumer can find this string by following the instructions in Finding the organization and account name for an account.

Note

To use this procedure, you need to have set the release directive. For more information, see provider.set_default_release_directive.

Arguments: cleanroom_name (String), consumer_account_name (String)

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.create_cleanroom_listing($cleanroom_name, <consumerorg.consumeracct>);

Copy

provider.register_cleanroom_in_ui – DEPRECATED¶

Attention

This command is now deprecated. You no longer need to manually register a clean room template for use in the web app.

Description: Registers a clean room for use in the web app by the consumer. The clean room is created and configured by the provider using developer APIs. This command then registers it into the web app for consumers to install, add their table, and run any custom analyses you’ve added without needing to use developer APIs. They work with the clean room entirely through the user interface of the web app.

You can call this API more than once to include multiple custom templates in the web app.

**Arguments:**cleanroom_name (String), template name (String), consumer_account_locator (String), user_email (String)

Returns: (String) Success or failure message.

Example:

call samooha_by_snowflake_local_db.provider.register_cleanroom_in_ui($cleanroom_name, 'prod_custom_template', <CONSUMER ACCOUNT LOCATOR>, <USER_EMAIL>)

Copy

Snowflake Data Clean Rooms: Provider API reference guide¶

Overview¶

Requirements¶

Create, configure, and delete clean rooms¶

provider.view_cleanrooms¶

provider.describe_cleanroom¶

provider.cleanroom_init¶

provider.set_default_release_directive¶

provider.drop_cleanroom¶

provider.enable_consumer_run_analysis¶

provider.disable_consumer_run_analysis¶

library.is_consumer_run_enabled¶

provider.create_or_update_cleanroom_listing¶

provider.add_ui_form_customizations¶

Register and unregister data¶

provider.register_db¶

library.register_schema¶

library.register_managed_access_schema¶

library.register_objects¶

library.unregister_db¶

library.unregister_schema¶

library.unregister_managed_access_schema¶

library.unregister_objects¶

Link data and tables¶

provider.view_provider_datasets¶

provider.link_datasets¶

provider.unlink_datasets¶

provider.view_provider_datasets¶

provider.restrict_table_options_to_consumers¶

Manage join policies¶

provider.view_join_policy¶

provider.set_join_policy¶

Manage provider templates¶

provider.view_added_templates¶

provider.view_template_definition¶

provider.add_templates¶

provider.clear_template¶

provider.clear_all_templates¶

provider.set_column_policy¶

provider.view_column_policy¶

provider.add_custom_sql_template¶

provider.restrict_template_options_to_consumers¶

Consumer-defined templates¶

provider.list_template_requests¶

provider.approve_template_request¶

provider.reject_template_request¶

Template chains¶

provider.add_template_chain¶

provider.view_added_template_chains¶

provider.view_template_chain_definition¶

provider.clear_template_chain¶

provider.clear_all_template_chains¶

Multi-provider analysis¶

provider.enable_multiprovider_computation¶

provider.process_multiprovider_request¶

provider.view_multiprovider_requests¶

provider.suspend_multiprovider_tasks¶

provider.resume_multiprovider_tasks¶

Provider activation¶

provider.set_activation_policy¶

provider.request_provider_activation_consent¶

Running analyses as a provider¶

provider.enable_provider_run_analysis¶

provider.disable_provider_run_analysis¶

library.is_provider_run_enabled¶

provider.submit_analysis_request¶

provider.check_analysis_status¶

provider.get_analysis_result¶

Manage clean room sharing¶

provider.view_consumers¶

provider.add_consumers¶

provider.remove_consumers¶

provider.set_cleanroom_ui_accessibility¶

provider.enable_laf_for_cleanroom¶

library.is_laf_enabled_on_account¶

Use Python in a clean room¶

provider.load_python_into_cleanroom¶

Signatures¶

provider.get_stage_for_python_files¶

provider.view_cleanrooom_scan_status¶