DOCUMENTATION
/
Getting Started
Guides
Developer
Reference
Releases
Tutorials
Snowflake Open Catalog
Status
  1. Overview
    • Snowflake Horizon Catalog
      • Applications and tools for connecting to Snowflake
      • Virtual warehouses
      • Databases, Tables, & Views
      • Data types
        • Data Integration
          1. Snowflake Openflow
            1. About Openflow
              • Understanding Openflow costs
                • Set up Openflow
                  • Connect your data sources using Openflow connectors
                    1. About Openflow connectors
                      • Openflow Connector for Amazon Ads
                        1. About the connector
                          • Set up the connector
                          • Openflow Connector for Box
                            1. About the connector
                              • Set up the connector
                              • Openflow Connector for Excel
                                1. About the connector
                                  • Set up the connector
                                  • Openflow Connector for Google Ads
                                    1. About the connector
                                      • Set up the connector
                                      • Openflow Connector for Google Drive
                                        1. About the connector
                                          • Set up the connector
                                          • Openflow Connector for Google Sheets
                                            1. About the connector
                                              • Set up the connector
                                              • Openflow Connector for HubSpot
                                                1. About the connector
                                                  • Set up the connector
                                                  • Openflow Connector for Jira Cloud
                                                    1. About the connector
                                                      • Set up the connector
                                                      • Openflow Connector for Kafka
                                                        1. About the connector
                                                          • Set up the connector
                                                          • Openflow Connector for Snowflake to Kafka
                                                            1. About the connector
                                                              • Set up the connector
                                                              • Openflow Connector for Kinesis
                                                                1. About the connector
                                                                  • Set up the connector
                                                                  • Openflow Connector for LinkedIn Ads
                                                                    1. About the connector
                                                                      • Set up the connector
                                                                      • Openflow Connector for Meta Ads
                                                                        1. About the connector
                                                                          • Set up the connector
                                                                          • Openflow Connector for Microsoft Dataverse
                                                                            1. About the connector
                                                                              • Set up the connector
                                                                              • Openflow Connector for MySQL
                                                                                1. About the connector
                                                                                  • Set up the connector
                                                                                  • Openflow Connector for PostgreSQL
                                                                                    1. About the connector
                                                                                      • Set up the connector
                                                                                      • Openflow Connector for SharePoint
                                                                                        1. About the connector
                                                                                          • Set up the connector
                                                                                          • Openflow Connector for Slack
                                                                                            1. About the connector
                                                                                              • Set up the connector
                                                                                              • Openflow Connector for SQL Server
                                                                                                1. About the connector
                                                                                                  • Set up the connector
                                                                                                  • Openflow Connector for Workday
                                                                                                    1. About the connector
                                                                                                      • Set up the connector
                                                                                                    2. Manage Openflow
                                                                                                      • Monitor Openflow
                                                                                                        • Troubleshoot Openflow
                                                                                                          • Processors
                                                                                                            • Controllers
                                                                                                          • Data Loading
                                                                                                          • Dynamic Tables
                                                                                                          • Streams and Tasks
                                                                                                          • Data Unloading
                                                                                                          • Migration Tools
                                                                                                          • Queries
                                                                                                          • Listings
                                                                                                          • Collaboration
                                                                                                          • Snowflake AI & ML
                                                                                                          • Alerts & Notifications
                                                                                                          • Security
                                                                                                              1. Authentication
                                                                                                              2. Authentication policies
                                                                                                                • Multi-factor authentication (MFA)
                                                                                                                • Federated authentication and SSO
                                                                                                                • Key-pair authentication and rotation
                                                                                                                • Programmatic access tokens
                                                                                                                  • OAuth
                                                                                                                      1. Snowflake OAuth
                                                                                                                          1. Partner applications
                                                                                                                            • Custom client integration
                                                                                                                              • Managing user consent
                                                                                                                            • External OAuth
                                                                                                                        • API authentication and secrets
                                                                                                                          • Network policies and network rules
                                                                                                                          • Network policies
                                                                                                                            • Network rules
                                                                                                                              • Private connectivity
                                                                                                                              • Inbound private connectivity
                                                                                                                              • Outbound private connectivity
                                                                                                                              • Administration and authorization
                                                                                                                              • Trust Center
                                                                                                                              • Sessions and session policies
                                                                                                                              • SCIM support
                                                                                                                              • Access control
                                                                                                                              • Encryption
                                                                                                                          • Data Governance
                                                                                                                          • Privacy
                                                                                                                          • Organizations & Accounts
                                                                                                                          • Business continuity & data recovery
                                                                                                                          • Performance Optimization
                                                                                                                          • Cost & Billing
                                                                                                                          GuidesSecurityOAuthSnowflake OAuthManaging user consent

                                                                                                                          Managing user consent for OAuth¶

                                                                                                                          This topic describes how to manage delegated authorizations for OAuth, that is, user consent given to one or more clients associated with Snowflake integrations for a specified role.

                                                                                                                          Adding delegated authorizations¶

                                                                                                                          Adding a delegated authorization to a user pre-authorizes consent to initiate a session using a specified role for a particular integration. Without the delegated authorization, the user must authorize consent for the role after authentication. Note that a delegated authorization only bypasses the authorization step for a given role; a user must always authenticate to request an authorization code.

                                                                                                                          The ability to add delegated authorizations is limited to custom clients. For public clients (that is, Tableau Cloud or Desktop), Snowflake always displays the confirmation dialog for a given role.

                                                                                                                          Add user consent for a role using ALTER USER with the ADD DELEGATED AUTHORIZATION keywords:

                                                                                                                          ALTER USER <username> ADD DELEGATED AUTHORIZATION
                                                                                                                              OF ROLE <role_name>
                                                                                                                              TO SECURITY INTEGRATION <integration_name>;
                                                                                                                          
                                                                                                                          Copy

                                                                                                                          Where:

                                                                                                                          username

                                                                                                                          Specifies the user whose consent you are adding.

                                                                                                                          role_name

                                                                                                                          Specifies the role associated with the access token.

                                                                                                                          integration_name

                                                                                                                          Specifies the integration associated with the access tokens for a specific client.

                                                                                                                          Note

                                                                                                                          Only security administrators (that is, users with the SECURITYADMIN role) or higher can execute this SQL command.

                                                                                                                          For example, add user consent for the CUSTOM1 role to user JANE.SMITH for the MYINT integration:

                                                                                                                          ALTER USER jane.smith ADD DELEGATED AUTHORIZATION
                                                                                                                              OF ROLE custom1
                                                                                                                              TO SECURITY INTEGRATION myint;
                                                                                                                          
                                                                                                                          Copy

                                                                                                                          Viewing delegated authorizations¶

                                                                                                                          List the active delegated authorizations for which you have access privileges, using SHOW DELEGATED AUTHORIZATIONS:

                                                                                                                          SHOW DELEGATED AUTHORIZATIONS;
                                                                                                                          
                                                                                                                          +-------------------------------+-----------+-----------+-------------------+--------------------+
                                                                                                                          | created_on                    | user_name | role_name | integration_name  | integration_status |
                                                                                                                          +-------------------------------+-----------+-----------+-------------------+--------------------+
                                                                                                                          | 2018-11-27 07:43:10.914 -0800 | JSMITH    | PUBLIC    | MY_OAUTH_INT      | ENABLED            |
                                                                                                                          +-------------------------------+-----------+-----------+-------------------+--------------------+
                                                                                                                          
                                                                                                                          Copy

                                                                                                                          List the active delegated authorizations for a specified user. Users can list their own delegated authorizations; otherwise, this command variant requires the OWNERSHIP privilege on the user.

                                                                                                                          SHOW DELEGATED AUTHORIZATIONS
                                                                                                                              BY USER <username>;
                                                                                                                          
                                                                                                                          Copy

                                                                                                                          List the active delegated authorizations for a specified integration. This command variant requires the OWNERSHIP privilege on the integration (that is, the ACCOUNTADMIN role):

                                                                                                                          SHOW DELEGATED AUTHORIZATIONS
                                                                                                                              TO SECURITY INTEGRATION <integration_name>;
                                                                                                                          
                                                                                                                          Copy

                                                                                                                          Revoking delegated authorizations¶

                                                                                                                          A user can revoke consent from a specified integration. This has the effect of revoking any access token associated with the integration.

                                                                                                                          To revoke user consent for a given integration, execute the ALTER USER … REMOVE DELEGATED AUTHORIZATIONS command.

                                                                                                                          Note

                                                                                                                          Only security administrators (that is, users with the SECURITYADMIN role) or higher can execute this SQL command.

                                                                                                                          ALTER USER <username>
                                                                                                                            REMOVE DELEGATED AUTHORIZATIONS
                                                                                                                            FROM SECURITY INTEGRATION <integration_name>
                                                                                                                          
                                                                                                                          Copy

                                                                                                                          To revoke user consent associated with a specific role, include the OF ROLE role_name parameter in the statement:

                                                                                                                          ALTER USER <username>
                                                                                                                            REMOVE DELEGATED AUTHORIZATION OF ROLE <role_name>
                                                                                                                            FROM SECURITY INTEGRATION <integration_name>
                                                                                                                          
                                                                                                                          Copy

                                                                                                                          Where:

                                                                                                                          username

                                                                                                                          Specifies the user whose consent you are revoking.

                                                                                                                          role_name

                                                                                                                          Specifies the role associated with the access token.

                                                                                                                          integration_name

                                                                                                                          Specifies the integration associated with the access tokens for a specific client.

                                                                                                                          For example, remove user consent for the CUSTOM1 role from user JANE.SMITH for the MYINT integration:

                                                                                                                          ALTER USER jane.smith
                                                                                                                            REMOVE DELEGATED AUTHORIZATION OF ROLE custom1
                                                                                                                            FROM SECURITY INTEGRATION myint;
                                                                                                                          
                                                                                                                          Copy

                                                                                                                          Was this page helpful?

                                                                                                                          Visit Snowflake
                                                                                                                          Join the conversation
                                                                                                                          Develop with Snowflake
                                                                                                                          Share your feedback
                                                                                                                          Read the latest on our blog
                                                                                                                          Get your own certification
                                                                                                                          Privacy NoticeSite Terms© 2025 Snowflake, Inc. All Rights Reserved.
                                                                                                                          1. Adding delegated authorizations
                                                                                                                          2. Viewing delegated authorizations
                                                                                                                          3. Revoking delegated authorizations
                                                                                                                          Language: English
                                                                                                                          • English
                                                                                                                          • Français
                                                                                                                          • Deutsch
                                                                                                                          • 日本語
                                                                                                                          • 한국어
                                                                                                                          • Português