December 2022

The following new features, behavior changes, and updates (enhancements, fixes, etc.) have been introduced this month. If you have any questions about these additions, please contact Snowflake Support.

Important

Each release may include updates that require the web interface to be refreshed.

As a general practice, to ensure these updates do not impact your usage, we recommend refreshing the web interface after each Snowflake release has been deployed.

New Features

Access Control: Database Roles — Preview

With this release, we are pleased to announce preview support for database roles. Database roles are entities within a database to which privileges on securable objects in the same database can be granted and revoked. This feature is implemented via a new Snowflake object type, database role. Database roles are essentially the same as traditional roles created at the account level except for their scope. Privileges on any object in an account can be granted to account roles, but only privileges on objects within the same database can be granted to a database role.

Database roles are intended to satisfy the following use cases:

Ease of management

Database owners can independently manage access to securable objects within their own databases. Database owners can perform the following actions:

  • Create and manage database roles.

  • Grant privileges to database roles.

    Privileges on objects granted to the database roles must be scoped to objects contained in the database where the role exists. Privileges on objects in one database (e.g. tables or views) cannot be granted to database roles in another database.

    Any privilege, including OWNERSHIP, can be granted to database roles on objects in a database. Note that only an account role can hold the OWNERSHIP privilege on the database itself.

  • Create or extend role hierarchies. Grant database roles to other database roles within the same database, and then grant the highest-level database roles in a database to account roles. For more information, refer to Database roles and role hierarchies.

Note that granting a database role to an account role implicitly grants the USAGE privilege on the database that contains the database role. Granting the USAGE privilege on the database explicitly is not required.

Data Sharing

Data providers using Snowflake’s Secure Data Sharing feature can segment the securable objects in a share by creating multiple database roles in a database to share and granting privileges on a subset of the objects in the database to each database role.

After creating a database from a share that includes database roles, data consumers grant each shared database role to one or more account-level roles in their own account.

Without database roles, account administrators in data consumer accounts grant a single privilege, IMPORTED PRIVILEGES, to roles to allow their users to access all databases and database objects (tables, secure views, etc.) in a share. There is no option to allow different groups of users in a data consumer account to access a subset of the shared objects. This all or nothing approach requires data providers to create multiple shares to grant access to different objects in the same databases.

Note

Currently, database roles are not included in the replication of a primary database. As a result, cross-region data sharing is not supported when objects are granted to a share via database roles.

For details, refer to database roles.

Access Control: SNOWFLAKE Database Roles — Preview

With this release, we are pleased to announce preview support for SNOWFLAKE database roles. SNOWFLAKE database roles implement the concept of general database roles, but specifically for the SNOWFLAKE database. SNOWFLAKE database roles define a set of roles which can be used to provide fine grained access to the ACCOUNT_USAGE schema, READER_ACCOUNT_USAGE schema, ORGANIZATION_USAGE schema, DATA_SHARING_USAGE schema, and more.

SNOWFLAKE database roles will be rolled out to all accounts over the course of the week of December 12th, 2022. For more information refer to SNOWFLAKE database roles.

Snowflake Extension for Visual Studio Code — Preview

With this release, we are pleased to announce the preview of the Snowflake Extension for Visual Studio Code (VS Code). The Snowflake Extension for Visual Studio Code allows developers to access Snowflake from within the VS Code environment. The extension enables you to connect to Snowflake, write and execute sql queries, and view results without leaving VS Code. After sign-in, you’ll be able to see and change your active database, schema, role, and warehouse.

Snowflake Intellisence provides autocomplete support for database object names, built-in functions, and Snowflake SQL keywords. Using Intellisense, database, schema, and table name suggestions display as you type your query. Single or groups of queries can be executed, with results provided directly within VS Code itself.

For more information, refer to Snowflake Extension for Visual Studio Code.

Security Updates

Session Policies — Generally Available

With this release, Snowflake is pleased to announce the general availability of session policies. A session policy defines the idle session timeout period in minutes and provides the opportunity to override the default idle session timeout value of 4 hours. The idle session timeout refers to a period of inactivity with either the Snowflake web interface or client applications using Snowflake clients (e.g. SnowSQL, JDBC driver). When the idle session timeout period expires, users must re-authenticate to Snowflake.

The session policy can be set for an account or user and supports configurable idle timeout periods to address compliance requirements. If a user is associated with both an account and user-level session policy, the user-level session policy takes precedence.

This feature was announced in preview in November 2021. For more information, refer to Snowflake Sessions & Session Policies.

SQL Updates

New SQL Functions

The following function(s) were introduced in recent releases:

Function Category

New Function

Description

System Functions (Query), Table Functions

GET_QUERY_OPERATOR_STATS

Returns statistics about individual query operators within a query.

ALTER TAG Command: Add the FORCE Keyword to Replace a Masking Policy on a Tag in a Single Statement

Syntax

Keyword

Description

ALTER TAG <name> SET MASKING POLICY <masking_policy_name> [ FORCE ]

FORCE

Replaces a masking policy that is currently set on a tag with a different masking policy in a single statement.

Note that using the FORCE keyword replaces the policy when a policy of the same data type is already set on the tag.

If a masking policy is not currently set on the tag, specifying this keyword has no effect.

Data Governance Updates

Replace a Masking Policy on a Tag in a Single Statement

With this release, Snowflake adds support to specify the FORCE keyword when replacing a masking policy that is currently set on a tag in a single statement with an ALTER TAG command. Prior to the FORCE keyword being available, replacing a masking policy on a tag required two separate statements:

  • Unset the existing policy.

  • Set the new policy.

Using the FORCE keyword removes the time interval between the UNSET and SET operations to ensure that column data remains protected while replacing a masking policy on a tag.

For details, refer to:

Documentation and Learning Resources

Table of Contents (TOC) Updates

To make it easier for developers to find content, we’ve introduced the following TOC changes:

Top-level Entry

Second-level Entry

Third-level Entry

Change

Developing Applications with Snowflake

Introduction to Developing Applications in Snowflake

Removed.

Overview of Connectors, Drivers, and Client APIs

Removed.

UDFs

Moved to: Application and Extension Development » Extending Snowflake with Functions and Procedures

Snowpark

Moved to: Snowpark API

External Functions

Moved to: Application and Extension Development » Extending Snowflake with Functions and Procedures

Stored Procedures

Moved to: Application and Extension Development » Extending Snowflake with Functions and Procedures

Protecting Sensitive Information with Secure UDFs and Stored Procedures

Moved to: Application and Extension Development » Extending Snowflake with Functions and Procedures » Design Guidelines and Constraints for Functions and Procedures

Pushdown Optimization and Data Visibility

Moved to: Application and Extension Development » Extending Snowflake with Functions and Procedures » Design Guidelines and Constraints for Functions and Procedures

Snowflake Scripting

Moved to: Snowflake Scripting Developer Guide

Connecting to Snowflake

Connectors & Drivers

Snowflake Connector for Kafka

Moved to: Application and Extension Development » Using Snowflake with Kafka and Spark

Snowflake Connector for Spark

Moved to: Application and Extension Development » Using Snowflake with Kafka and Spark

Snowflake Connector for Python

Moved to: Application and Extension Development » Drivers

Node.js Driver

Moved to: Application and Extension Development » Drivers

Go Snowflake Driver

Moved to: Application and Extension Development » Drivers

.NET Driver

Moved to: Application and Extension Development » Drivers

JDBC Driver

Moved to: Application and Extension Development » Drivers

ODBC Driver

Moved to: Application and Extension Development » Drivers

PHP PDO Driver for Snowflake

Moved to: Application and Extension Development » Drivers

Snowflake SQL API

Moved to: Snowflake SQL API

Language: English