创建用户界面以请求权限和引用
This topic describes how you, as a provider, create a user interface using Streamlit and the Snowsight to allow consumers to grant privileges and create references for an installed Snowflake Native App. To access Snowflake privileges and references from a Streamlit program, the Snowflake Native App Framework provides the Python Permission SDK.
See Python Permission SDK reference for information on the methods in the Python Permission SDK.
关于权限和引用
For general information on requesting privileges and references from the consumer using the Snowflake Native App Framework, refer to Create and access objects in a consumer account.
About the Python Permission SDK¶
The Snowflake Native App Framework provides the Python Permission SDK which allows a provider to do the following within a Snowflake Native App:
- 检查账户级别权限。
- 请求清单文件中列出的全局权限。
- Request references to objects and their corresponding object level privileges as defined in the manifest file.
- 请求权限操作,例如创建 API 集成或创建共享。
Using the Python Permission SDK, Snowsight displays the access requests in the Security tab of the installed Snowflake Native App.
See Python Permission SDK reference for information on the methods in the Python Permission SDK.
创建接口以批准权限和绑定引用的工作流程
以下常规工作流程概述了实施 Streamlit 应用程序以请求使用者授予权限和引用所需的步骤。
-
创建应用程序包。
-
In the manifest file, specify the privileges and define the references required for the Snowflake Native App.
-
将 Streamlit 应用程序添加到应用程序包。
-
Add an
environment.ymlfile to your application package.Note
The
environment.ymlfile must be in the same directory as main Streamlit file used to implement the Snowsight interface. -
Add the
snowflake-native-apps-permissionlibrary as a dependency. -
Import the
snowflake.permissionslibrary in your Streamlit app. -
将函数添加到 Streamlit 应用程序,以调用 SDK 提供的函数。
Add the Python Permission SDK to your Streamlit environment¶
To use the Python Permission SDK in a Streamlit app, add the snowflake-native-apps-permission
package as a dependency in your environment.yml file as shown in the following example:
Import the Python Permission SDK in a Streamlit app¶
To import the Python Permission SDK into your Streamlit app, include the following import statement in your app:
向使用者请求权限
The following examples show how to perform different tasks using the Python Permission SDK.
查看账户级别权限
This example shows how to use the get_held_account_privileges() method of the Python Permission SDK to check if permissions declared in the manifest file are granted to the installed Snowflake Native App.
For example, if a Snowflake Native App needs to create a database outside of the APPLICATION object, a provider can define the reference in the manifest file as follows:
Using the Python Permission SDK, you can use the get_held_account_privileges() method to obtain a list of privileges that have been granted to the Snowflake Native App.
This example calls the get_held_account_privileges() function, passing the CREATE DATABASE permission as a parameter. A provider can use the get_held_account_privileges() function to wait until the consumer grants the required privileges to the app.
Note
Only privileges defined in the manifest file are valid arguments to get_held_account_privileges(). Passing other arguments results in an error.
要求使用者执行权限操作
Providers can use the Python Permission SDK to request privileged actions required by the Snowflake Native App.
For example, to request an API integration that allows the Snowflake Native App to connect to a ServiceNow instance, a provider would define the API integration in the manifest file:
Next, in the Streamlit app, the provider calls the request_reference() method to request the USAGE privilege on the API integration as shown in the following example: