Protect a provider's intellectual property

This topic describes how the Snowflake Native App Framework protects provider data by redacting or removing information about objects shared by a Snowflake Native App.

About intellectual property protection in the Snowflake Native App Framework

When a consumer installs a Snowflake Native App, they are not allowed to view the objects within the application object unless a provider grants permissions on the objects using application roles.

In general, when a consumer queries object metadata using a schema or view, or uses Snowsight to view the Query Profile or Query History for those queries, the Snowflake Native App Framework redacts information about the objects within the application object.

Information redacted from the query profile

The Snowflake Native App Framework redacts information from the query profile in the following contexts:

  • Queries that are run when the app is installed or upgraded.
  • Queries that originate from a stored procedure owned by the app.
  • Queries containing a non-secure view or function owned by the app.

For each of these types of queries, Snowsight collapses the query profile data into a single empty node instead of displaying the full query profile tree.

Information redacted from the query history

For queries related to a Snowflake Native App, the query_text and error_message fields are redacted from the query history in the following contexts:

  • Queries run when the app is installed or upgraded.
  • Queries that originate from a child job of a stored procedure owned by the app.

In each of these situations, the cell of the query history in Snowsight appears blank.

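Information redacted from SQL commands and views

When a consumer uses the SHOW or DESCRIBE commands to view information about an application object or about objects owned by the app, information about implementation details is redacted. For example, function definitions and function bodies are redacted from the output of these commands.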

Information about implementation details is redacted from the ACCESS_HISTORY view in the following contexts:

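  • Queries generated when the app is installed or upgraded.
  • Queries generated by stored procedures and user-defined functions owned by the app.

In addition, for views owned by the app, information about the base tables is redacted.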

Considerations when granting the MONITOR or OPERATE privilege on dynamic tables

Providers should use caution when granting the MONITOR or OPERATE privilege on dynamic tables to an application role. These privileges allow the consumer to view a dynamic table’s metadata, which might expose the implementation details of the app. See Privileges to view a dynamic table’s metadata for more information on what actions the consumer can perform.

Blocked context functions

To protect information related to objects within an application object, the Snowflake Native App Framework blocks the following context functions:

Context Function | Blocked in shared content (returns null) | Blocked in setup scripts and stored procedures and UDFs owned by the Snowflake Native App (throws an exception)

CURRENT_ROLE
CURRENT_ROLE_TYPE
CURRENT_USER
CURRENT_SESSION
IS_ROLE_IN_SESSION
CURRENT_IP_ADDRESS
CURRENT_AVAILABLE_ROLES
CURRENT_SECONDARY_ROLES
ALL_USER_NAMES
GET_USERS_FOR_COLLABORATION
CURRENT_WAREHOUSE
SYSTEM$ALLOWLIST

Protect shared content

To protect the privacy and integrity of a provider’s data content, the Snowflake Native App Framework implements the following restrictions:

  • Shared objects are read-only for an application object and installed Snowflake Native App.
  • Shared objects are not directly exposed to consumers. Objects are only exposed through a view that is installed when the setup script runs during the Snowflake Native App installation or upgrade.
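  • Only the provider can update shared content.
  • Only the following objects can be shared with an application object or installed Snowflake Native App. These objects must have certain privileges:
    • Schemas: Only the USAGE privilege can be granted to the shared content of an application package.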
    • Tables: Only the SELECT privilege can be granted to the shared content of an application package. Tables with defined policies (row access, masking, tag based, etc.) cannot be shared. Policies can be defined on the objects when they are exposed to consumers.
    • Views: Only the SELECT privilege can be granted to the shared content of an application package. Views with defined policies, including row access, masking, tag based, etc., cannot be shared.

Note

Views, or any views they are composed of, cannot contain JavaScript, Java, Python, or Scala functions.

Refer to Allow consumers to access shared objects in an app for more information.
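
The following added example (not taken from the Snowflake documentation) shows the shared-content restrictions above end to end: the provider grants only USAGE and SELECT to the package's shared content, and the setup script exposes the data to consumers through a view granted to an application role. All object names (hello_pkg, shared_content, accounts, app_data, app_viewer) are hypothetical, and the two parts run in different places as the comments indicate.

```sql
-- ===== Part 1: provider account, run once against the application package =====
-- All names are hypothetical placeholders.
CREATE SCHEMA IF NOT EXISTS hello_pkg.shared_content;

-- Shared table: no row access, masking, or tag-based policy may be attached,
-- otherwise it cannot be shared.
CREATE TABLE IF NOT EXISTS hello_pkg.shared_content.accounts (
  account_id NUMBER,
  region     VARCHAR,
  tier       VARCHAR
);

-- Schemas: only USAGE can be granted to the shared content.
GRANT USAGE ON SCHEMA hello_pkg.shared_content
  TO SHARE IN APPLICATION PACKAGE hello_pkg;

-- Tables and views: only SELECT can be granted to the shared content.
GRANT SELECT ON TABLE hello_pkg.shared_content.accounts
  TO SHARE IN APPLICATION PACKAGE hello_pkg;

-- ===== Part 2: setup script, runs on install or upgrade =====
-- The application role is what the consumer is granted; objects stay
-- invisible to the consumer unless granted to such a role.
CREATE APPLICATION ROLE IF NOT EXISTS app_viewer;

CREATE OR ALTER VERSIONED SCHEMA app_data;

-- The shared table is read-only here and is never exposed directly.
-- Consumers reach it only through this view, with an explicit column list.
CREATE OR REPLACE VIEW app_data.accounts AS
  SELECT account_id, region, tier
  FROM shared_content.accounts;

GRANT USAGE ON SCHEMA app_data TO APPLICATION ROLE app_viewer;
GRANT SELECT ON VIEW app_data.accounts TO APPLICATION ROLE app_viewer;
```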