Snowflake Cortex AI Functions Model RBAC Rollout (Preview)¶
Attention
This behavior change is in the 2026_02 bundle.
For the current status of the bundle, refer to Bundle history.
The following Snowflake Cortex AI Functions now fully enforce model access controls through both the CORTEX_MODELS_ALLOWLIST
parameter and model role-based access control (RBAC):
AI_TRANSCRIBE/SNOWFLAKE.CORTEX.TRANSCRIBEAI_EXTRACT/SNOWFLAKE.CORTEX.EXTRACTAI_SENTIMENT/SNOWFLAKE.CORTEX.SENTIMENT/SNOWFLAKE.CORTEX.ENTITY_SENTIMENTAI_TRANSLATE/SNOWFLAKE.CORTEX.TRANSLATECLASSIFY_TEXTSUMMARIZEEXTRACT_ANSWERAI_PARSE_DOCUMENT/SNOWFLAKE.CORTEX.PARSE_DOCUMENTAI_REDACT
- Before the change:
Model access controls,
CORTEX_MODELS_ALLOWLISTand model RBAC, were fully enforced forAI_COMPLETE/SNOWFLAKE.CORTEX.COMPLETE,AI_CLASSIFY,AI_FILTER,AI_AGG, andAI_SUMMARIZE_AGG.For the preceding Snowflake Cortex AI Functions, model access controls were not enforced. Queries using these functions could succeed even when the underlying model was restricted by
CORTEX_MODELS_ALLOWLISTor model RBAC.- After the change:
When you call any of the listed Snowflake Cortex AI Functions, Snowflake will:
Check model RBAC first: If the calling role has usage on the corresponding model object (for example, via
SNOWFLAKE."CORTEX-MODEL-ROLE-ARCTIC-TRANSLATE"), the call is allowed.If no model object access is found, check
CORTEX_MODELS_ALLOWLIST: If the underlying model or alias is listed inCORTEX_MODELS_ALLOWLIST, or ifCORTEX_MODELS_ALLOWLIST = 'All', the call is allowed.Otherwise, the call fails with a model-authorization error.
This aligns behavior across all listed Snowflake Cortex AI Functions and ensures that your existing model restrictions are respected consistently.
Note
If you’re affected by this change:
You’re affected if you’ve set the
CORTEX_MODELS_ALLOWLISTparameter to a different value from the defaultAllvalue and you use any of the preceding Snowflake Cortex AI Functions.If you haven’t changed the value for the allowlist parameter and you’re not using model RBAC, you won’t see any behavioral changes.
If you’ve customized
CORTEX_MODELS_ALLOWLIST, affected queries might start failing with a model-authorization error unless:The underlying model or its function-specific alias is permitted by
CORTEX_MODELS_ALLOWLIST, orThe role executing the query has the corresponding model application role.
To prepare for this change:
Check which affected functions you use:
SELECT DISTINCT FUNCTION_NAME FROM SNOWFLAKE.ACCOUNT_USAGE.CORTEX_AISQL_USAGE_HISTORY WHERE USAGE_TIME >= DATEADD(day, -90, CURRENT_TIMESTAMP()) AND FUNCTION_NAME IN ( 'AI_TRANSCRIBE', 'TRANSCRIBE', 'AI_EXTRACT', 'AI_SENTIMENT', 'SENTIMENT', 'ENTITY_SENTIMENT', 'AI_TRANSLATE', 'TRANSLATE', 'CLASSIFY_TEXT', 'SUMMARIZE', 'EXTRACT_ANSWER', 'AI_PARSE_DOCUMENT', 'PARSE_DOCUMENT', 'AI_REDACT' ) ORDER BY FUNCTION_NAME;
Review your current model governance settings:
SHOW PARAMETERS LIKE 'CORTEX_MODELS_ALLOWLIST' IN ACCOUNT;
If using an allowlist (not
All), add the required model aliases for the functions you use. Common model aliases include:arctic-translate(forAI_TRANSLATE)arctic-transcribe(forAI_TRANSCRIBE)arctic-extract(forAI_EXTRACT)arctic-parse-document(forAI_PARSE_DOCUMENT)arctic-extract-answer(forEXTRACT_ANSWER)arctic-sentiment(forAI_SENTIMENT)arctic-summarize(forSUMMARIZE)llama3.1-70b(forCLASSIFY_TEXT,AI_REDACT)mistral-7b(forSUMMARIZE)
Example:
ALTER ACCOUNT SET CORTEX_MODELS_ALLOWLIST = 'llama3.1-70b,arctic-translate,arctic-extract,arctic-sentiment,arctic-parse-document,arctic-extract-answer,arctic-summarize';
Alternatively, use model RBAC by setting
CORTEX_MODELS_ALLOWLIST = 'None'and granting model application roles (for example,SNOWFLAKE."CORTEX-MODEL-ROLE-ARCTIC-TRANSLATE") to the appropriate roles.
This change is being made to:
Maintain consistent governance
Enforce least-privilege access uniformly
Align managed AI Functions with existing Cortex model access controls
Strengthen enterprise-grade compliance guarantees
Provide transparent model authorization behavior
Ref: 2220