自动履行对象
在继续操作之前,请务必了解 Cross-Cloud Auto-Fulfillment(自动履行)支持的对象、对象可能如何依赖账户角色、Snowflake 为自动履行创建的内部对象,以及对象级自动履行具体会履行哪些内容。
支持自动履行的对象
您的列表中包含 或引用 的数据库对象必须仅包含支持自动履行的对象。
根据您的数据产品,支持的对象有所不同:
| Object | Share (Database) | Application package |
|---|---|---|
| Table | ✔ | ✔ |
| Open table (Apache Iceberg™, Delta Lake) | ✔ | ✔ |
| View (Regular, aka Non-Secure) | ✔ | ✔ |
| View (Materialized) | ✔ | ✔ |
| View (Secure) | ✔ | ✔ |
| View (Semantic) | ✔ | ✔ |
| Secure view that references data stored in other databases using the REFERENCE_USAGE privilege. | ✔ | ✔ |
| Secure view that references a directory table of an internal stage (not external). For more information, see Share unstructured data with a secure view. | ✔ | ✔ |
| Cortex Knowledge Extensions (CKEs) | ✔ | |
| Cortex Agents | ✔ | |
| Dynamic Table | ✔ | ✔ (only from the application package) |
| Database Roles | ✔ | ✔ |
| SQL UDF/UDTF (Regular, also known as non-secure) | ✔ | ✔ (when called from shared views in referenced databases) |
| SQL UDF/UDTF (Secure) | ✔ | ✔ (when called from shared views in referenced databases) |
| Stored Procedure (not used by sharing) | ✔ | ✔ |
| Masking and Row Access Policies | ✔ | ✔ |
| Tags | ✔ | ✔ |
| Policies | ✔ | ✔ |
| Tasks (not used by sharing) | ✔ | ✔ |
| Alerts (not used by sharing) | ✔ | ✔ |
| Secrets (not used by sharing) | ✔ | ✔ |
If an object on this list is designated as part of a replication or failover group, then it’s not supported for auto-fulfillment. See Introduction to replication and failover across multiple accounts for details. If a primary database contains a hybrid table, the refresh operation fails. For details, see the Snowflake Community forum (https://community.snowflake.com/s/article/Auto-fulfillment-error-SQL-execution-error-Primary-database-contains-an-entity-of-type-Table-Replication-of-a-database-with-this-entity-type-is-not-supported).
如果您的数据产品包含或引用受支持对象列表以外的对象,您必须更新数据产品。
依赖于账户角色的对象的自动履行
自动履行不会复制账户角色。相反,SSAs 中的对象由 ACCOUNTADMIN 角色拥有。
如果您的共享或应用程序包中包含依赖于某个账户角色的对象,那么在与使用者共享时,该对象的工作方式可能会与您预期的不同。例如:
- If you share a secure view that includes data protected by a policy using the INVOKER_ROLE context function, the policy might evaluate to a different value than in the provider account region because the view owner role is different.
- If you share a secure view where the objects referenced by the view are restricted to an account role, such as a table where only the SECURITYADMIN role has SELECT privileges, the view might fail to expand when queried by a user without the SECURITYADMIN role in the provider account, but return results when queried by a user without the SECURITYADMIN role in the consumer account.
Instead of using account roles, use database roles. For more information, see Share data protected by a policy and IS_DATABASE_ROLE_IN_SESSION.
Snowflake Marketplace calculates compute costs for listing auto-fulfillment to VPS regions by using VPS rates. For details on VPS rates, see Snowflake Service Consumption Table.
为自动履行创建的内部 Snowflake 对象¶
Snowflake 创建以下内部对象来支持 Cross-Cloud Auto-Fulfillment:
| Object Type | Name |
|---|---|
| Roles | SNOWFLAKE$GDS_RL AUTO_FULFILLMENT_EXECUTOR |
| Database | SNOWFLAKE$GDS |
| Replication groups | Prefixed with SNOWFLAKE$GDS |
这些内部对象用于执行自动履行的任务,如在另一个区域创建安全共享区域,并创建一个数据库来存储自动履行所用的对象,如履行任务。
These internal objects appear when you run SHOW DATABASES, SHOW ROLES, or SHOW REPLICATION GROUPS respectively. Do not modify these objects or grant them to other users or roles.
对象级自动履行
When you configure object-level auto-fulfillment, SUB_DATABASE is used for supported objects. Objects that are referenced by these objects must also be supported. For a list of supported objects, refer to the 支持自动履行的对象 topic on this page.
- 区域中的第一位使用者将获得列表。
- 自动履行将共享中的对象传输到安全共享区。
- 任何获得列表的使用者都可以从其 Snowflake 区域的安全共享区获取数据产品。
实施对象级自动履行功能的内容
当您对数据产品使用 SUB_DATABASE(对象级)自动履行功能时,只有直接授予共享或应用程序的对象或由共享或应用程序中的对象引用的对象才会实施自动履行功能。
例如:
| Object in data product | What is transferred |
|---|---|
| Table in a database and schema | Table |
| Secure view created from a table in the same database | Secure view and table |
| (Deprecated) Table in a database using FULL_DATABASE auto-fulfillment | Entire database |
| Table in a database using SUB_DATABASE auto-fulfillment | Table |
| Application package using SUB_DATABASE_WITH_REFERENCE_USAGE auto-fulfillment | The application package |