Data quality: DATA_QUALITY_MONITORING_LOOKUP application role granted to the PUBLIC role¶

Users must use a role that has the SNOWFLAKE.DATA_QUALITY_MONITORING_LOOKUP application role to call the DATA_QUALITY_MONITORING_RESULTS function, which lets you view data quality metrics and trends. This change affects which roles have the SNOWFLAKE.DATA_QUALITY_MONITORING_LOOKUP application role by default.

Before the change:

By default, only the ACCOUNTADMIN role has the SNOWFLAKE.DATA_QUALITY_MONITORING_LOOKUP application role. The account administrator must grant the application role to other roles to allow users to call the DATA_QUALITY_MONITORING_RESULTS function.

After the change:

The PUBLIC role is granted the SNOWFLAKE.DATA_QUALITY_MONITORING_LOOKUP application role, which means a user can use any role to call the DATA_QUALITY_MONITORING_RESULTS function.

This doesn’t mean that all roles and users can view data quality metrics for all objects; users must still have privileges to access an object in order to return results from the DATA_QUALITY_MONITORING_RESULTS function.

After the change, if you want to limit who can call the DATA_QUALITY_MONITORING_RESULTS function, you’ll need to revoke the SNOWFLAKE.DATA_QUALITY_MONITORING_LOOKUP application role from the PUBLIC role, then grant this application role to other, more specific roles.

• For information about revoking the SNOWFLAKE.DATA_QUALITY_MONITORING_LOOKUP application role, see REVOKE APPLICATION ROLE.

• For information about granting the SNOWFLAKE.DATA_QUALITY_MONITORING_LOOKUP application role to other roles, see GRANT APPLICATION ROLE.

Ref: 2068