Install a Declarative Native App¶

Snowflake Declarative Native Apps are databases that you can use to gain access to data and functionality shared by Snowflake data providers.

You can use Snowsight to install and access Declarative Native Apps, or you can use SQL commands to access the data directly.

安装应用程序后，您可以将其与组织内的其他成员共享。

Security¶

Declarative Native Apps have a similar security model to secure data sharing:

Apps only have access to the data included in the app.
Apps can’t access the consumer’s private data.
Apps aren’t allowed to make external calls or to access data outside of the Snowflake account.

先决条件

To install a Declarative Native App, you must have a Snowflake account, and a role with either of the following privileges:

ACCOUNTADMIN 角色。
同时具有 CREATE APPLICATION 和 IMPORT LISTING 权限的角色

要购买付费列表，该角色还必须具有 PURCHASE DATA EXCHANGE LISTING 权限。

授予安装权限

An ACCOUNTADMIN can allow members of the organization to install Declarative Native Apps by granting privileges to the member’s role, using the GRANT privileges TO ROLE commands:

GRANT CREATE APPLICATION ON ACCOUNT TO ROLE <role_name>;
GRANT IMPORT LISTING ON ACCOUNT TO ROLE <role_name>;

安装应用程序

Roles with installation privileges can install a Declarative Native App from the Snowflake Marketplace, or from a privately shared listing.

Sign in to Snowsight.
In the navigation menu, select Marketplace » Snowflake Marketplace.
搜索或浏览您要访问的列表。
Select the listing, and select Get or Buy.
(Optional) Enter a name for Application name.
Select Get.
Select Open to view the app, or select Done to finish.

Show the available listings in the Snowflake Data Marketplace with the command: SHOW AVAILABLE LISTINGS IN DATA EXCHANGE SNOWFLAKE_DATA_MARKETPLACE.
```
SHOW AVAILABLE LISTINGS IN DATA EXCHANGE SNOWFLAKE_DATA_MARKETPLACE;
```
Install the app with the command: CREATE APPLICATION FROM LISTING.
```
CREATE APPLICATION <app_name> FROM LISTING <listing_name>;
```

安装应用程序的用户即为应用程序所有者。应用程序所有者和 ACCOUNTADMIN 有权访问应用程序中共享的所有对象，包括 Notebook、表、视图和其他对象。

共享应用程序访问权限

The app owner (or the ACCOUNTADMIN) can share access to the data and features in a Snowflake Declarative Native App to members of their organization by their organization role.

他们可以共享整个应用程序的访问权限，或者对于某些应用程序，他们可以共享对应用程序中部分数据和功能的访问权限，这部分权限由应用程序角色定义。

共享对应用程序中所有数据和功能的访问权限

App owners can share access to all of the data and features in an app with the command: GRANT IMPORTED PRIVILEGES ON APPLICATION.

In this example, an app owner imports privileges for the application: marketing_data_app to the team_admin_role organizational role:

GRANT IMPORTED PRIVILEGES ON APPLICATION marketing_data_app TO ROLE team_admin_role;

Note

共享应用程序访问权限并不会共享将应用程序权限授予他人的能力。

应用程序角色：共享对应用程序中部分数据和功能的访问权限

Some Declarative Native Apps include app roles, which provide access to a subset of the data and features in an app. App owners can assign app roles to their organization roles. This grants members of the organization roles access to the data and features defined in the app roles.

List the available roles with the command: SHOW APPLICATION ROLES. For example:
```
SHOW APPLICATION ROLES IN APPLICATION marketing_data_app;
```

该命令会列出可用的应用程序角色。如果应用程序没有应用程序角色，该命令将返回空结果集。

Grant app roles to teams by their organization roles with the command: GRANT APPLICATION ROLE …TO ROLE command.
```
GRANT APPLICATION ROLE marketing_data_app.sales TO ROLE sales_team_west;
```

注意事项：

使用者不能共享对应用程序中单个对象（例如单个表、视图或笔记本）的访问权限，除非由应用程序角色定义。
使用者不能定义新的应用程序角色，或修改现有的应用程序角色。
使用者不能与组织外部的成员共享应用程序中对象的访问权限。

访问应用程序

For information about using the app, see Access content in a Declarative Native App.