Snowflake Native Apps: Changes to privileges commonly used by apps¶
Note
This behavior change is not applicable if you don’t have a Snowflake Native App running in your account, or you’re not planning to install a Snowflake Native App before this behavior change is enabled.
In a future release, privileges commonly used by apps will change from opt-in to opt-out. Privileges that currently require explicit grants during installation or upgrade will be available to a new app installation or an upgrade by default. This includes new versions and patches of a previously installed app.
This change affects the following privileges:
- EXECUTE TASK
- EXECUTE MANAGED TASK
- CREATE WAREHOUSE
- CREATE COMPUTE POOL
- BIND SERVICE ENDPOINT
- CREATE DATABASE
- Before the change:
If an app requires one of the privileges listed above, the consumer must explicitly grant these privileges to the app during installation or upgrade.
- After the change:
If an app requires these privileges, they will be granted to the app automatically during installation or upgrade. Consumers must explicitly deny access to these privileges.
Ref: 1952