Snowflake Data Clean Rooms 开发者指南¶
This topic provides guidelines for users who want to create or manage Snowflake Data Clean Rooms programmatically.
Snowflake exposes an API of stored procedures for creating and controlling clean rooms. These stored procedures can be run in any interface that can access the Snowflake account associated with your clean room environment, including Snowsight notebooks and worksheets, as well as the Snowflake CLI. These procedures can be called in SQL or in any language supported by your Snowflake environment.
设置您的环境¶
开发工具¶
以下是 Clean Room 的主要开发者工具:
编码环境: 任何可以在您的 Snowflake 账户中运行存储过程的编码环境都可以运行。大多数开发者使用 Snowsight 中的工作表(基于浏览器的工具)或 Snowflake CLI。
The clean rooms UI: Use the clean rooms UI to configure, manage, or create clean rooms. Most clean room analysts use the UI rather than code, so it's important to see and test the experience of your clean rooms in the UI. Additionally, there are a handful of features that are available only in the clean rooms UI.
Snowsight 可用于浏览数据库和其他对象以及搜索对象。
Clean rooms API: API documentation is divided into provider and consumer topic pages.
编码设置¶
所需角色和仓库¶
The clean rooms API requires the SAMOOHA_APP_ROLE role for full API access. Ask your clean rooms administrator to grant you full API access. Clean rooms also supports creating roles with access to a subset of API procedures.
您必须使用仓库中 SAMOOHA_APP_ROLE 可以使用的 Clean Room API。app_wh 是 众多可以访问 API 的仓库 之一。根据您的需求选择合适的仓库。
-- Set up environment.
USE ROLE SAMOOHA_APP_ROLE;
USE WAREHOUSE app_wh;
-- Call your clean rooms API functions.
...
如果您使用任何其他仓库,请务必授予该仓库的 SAMOOHA_APP_ROLE 使用权:
GRANT USAGE ON WAREHOUSE <your_warehouse> TO SAMOOHA_APP_ROLE;`
关于 Clean Room API¶
Snowflake Data Clean Rooms exposes a set of stored procedures that let a provider create, configure, and share a clean room. These procedures can be called in any command-line environment that supports Snowflake procedures, including notebooks, worksheets, and the Snowflake CLI. The documentation here shows SQL usage, but you can also use Python or any other supported Snowflake language.
过程存在于以下架构中:
samooha_by_snowflake_local_db.provider– 特定于提供商的过程。这些过程只能在当前账户中创建的 Clean Room 上调用。samooha_by_snowflake_local_db.consumer– 特定于使用者的过程。这些过程只能在当前账户受邀作为使用者的 Clean Room 上调用。samooha_by_snowflake_local_db.library- General procedures called by either the clean room creator (provider) or a clean room collaborator (consumer). These procedures are documented in both the provider and consumer reference pages.
Some procedures have both provider and consumer versions. The results are appropriate to the schema: for example,
provider.view_cleanrooms lists all clean rooms in the current account for which you are a provider, and consumer.view_cleanrooms lists
all clean rooms in the current account for which you are a consumer. Be sure to call the procedure in the namespace that you need.
关于 API 过程中的 Clean Room 名称¶
许多 Clean Room API 过程都需要 cleanroom_name 实参。
如果 Clean Room 是 使用 API 创建的,则使用 Clean Room 名称。如果用作包名称的一部分,请将空格替换为下划线:
-- Spaces work here: CALL samooha_by_snowflake_local_db.provider.describe_cleanroom('my code created clean room'); -- Underscores required here: SHOW VERSIONS IN APPLICATION PACKAGE SAMOOHA_CLEANROOM_my_code_created_clean_room;
如果 Clean Room 是 使用 Clean Room UI 创建的,则使用 Clean Room ID。
您可以通过调用 describe_cleanroom 或 view_cleanrooms 查看 Clean Room 名称和 ID。
Clean rooms created using the API are labeled in the clean rooms UI as Supported with Developer APIs.
设置账户、用户和角色¶
You aren't required to use the clean rooms UI to develop clean rooms: most clean room functionality is available by calling the API. However, a few features are available only in the UI, and some are faster to perform in the UI. And because many users use the UI exclusively, it's important to see how your clean room behaves in the UI. Therefore, you should ask a clean room administrator to add you as a clean room manager or higher in the appropriate clean room accounts.
Depending on your use case, you might also want to set up an additional Snowflake account in different web hosting regions to test cross-cloud behavior.
Name your test Snowflake accounts meaningfully to indicate their typical usage: for example, "Consumer account," "Provider account," and "Cross-cloud account." This can help when you have multiple test accounts and must choose an account on the clean rooms login page.
Internal testing clean rooms¶
You can test a clean room during development by sharing the clean room with yourself. Such a clean room is called an internal testing clean room. Using a single account for both provider and consumer is convenient for quick feature testing.
To create an internal testing clean room, simply pass the provider account information to provider.add_consumers as the sole consumer.
Internal testing clean rooms have the following restrictions:
An internal testing clean room cannot later be shared with other accounts. An internal testing clean room always is an internal testing clean room.
The following features are not supported in internal testing clean rooms:
提供商激活
提供商运行分析
Mounting or viewing request logs (
provider.mount_request_logs_for_all_consumersorprovider.view_request_logs)使用者自定义模板
Multi-provider analyses
差分隐私
If you want to test features that aren't supported in an internal testing room, you must set up separate provider and consumer Snowflake accounts to test both sides of a clean room.
Download a sample worksheet that demonstrates using a clean room in a
single account for both provider and consumer.
See what's installed with the clean rooms environment¶
Snowflake Data Clean Rooms creates many local databases upon installation. You can find details about tasks and objects that are run or installed with a clean room package in Snowflake Data Clean Rooms:安装的对象.
Sample data¶
The clean rooms environment installs a few sample datasets you can use.
You can also generate synthetic test data using Snowflake.
准则和建议¶
确认您在 Clean Room UI 和代码中使用相同的账户¶
您经常需要为同一 Snowflake 账户打开编码环境和 Clean Room UI(例如,在代码中创建 Clean Room 时),然后检查其在 Clean Room UI 中的外观。请务必确认您在每个 Clean Room 中使用相同的 Snowflake 账户。
Snowsight does not have a shortcut to open the clean rooms UI for the same account, or the reverse, so you must be sure to log in to the same account in each environment.
Clean Room 名称与 Clean Room ID 的对比¶
When using the API, for procedures that take a clean room name argument, determine whether to use the clean room name or the clean room ID as follows:
如果 Clean Room 是使用 API 创建的,则使用 Clean Room 名称。
如果 Clean Room 是在 Clean Room UI 中创建的,请使用 Clean Room ID。您可以通过调用
provider.view_cleanrooms或provider.describe_cleanroom来查看 Clean Room 名称和 ID。
Update your clean room whenever you make UI changes¶
When you change any clean room properties that affect the UI, call
provider.create_or_update_cleanroom_listing to propagate the changes.
在代码或 UI 中创建的 Clean Room 之间的互操作性¶
When you create a clean room using the API, some features are not modifiable in the clean rooms UI. For example, you cannot add additional templates, even stock Snowflake templates, in code for a UI-created clean room. You also cannot change the differential privacy settings.
故障排除¶
Consumer can't set join policies or perform other basic actions on a joined clean room¶
确认您已使用正确角色安装 Clean Room (SAMOOHA_APP_ROLE)。如果您在安装 Clean Room 时没有使用 SAMOOHA_APP_ROLE,则会遇到很多问题,常见的是权限错误。如果是这种情况,即使是 consumer.uninstall_cleanroom 也会失败,您必须采取额外步骤卸载 Clean Room,然后使用正确的角色重新安装。
-- Who owns the clean room?
SHOW SHARES LIKE 'SAMOOHA_CLEANROOM_REQUESTS_<cleanroom_name>';
-- If the owner role is not SAMOOHA_APP_ROLE, you must drop the share, then
-- uninstall the clean room.
DROP SHARE SAMOOHA_CLEANROOM_REQUESTS_<cleanroom_name>;
CALL samooha_by_snowflake_local_db.consumer.uninstall_cleanroom($cleanroom_name);
USE ROLE SAMOOHA_APP_ROLE;
CALL samooha_by_snowflake_local_db.consumer.install_cleanroom($cleanroom_name, '<provider_locator>');
找不到您创建的 Clean Room¶
如果您在一个账户中创建了 Clean Room,但在协作者账户中看不到它,可能的原因有以下几个:
Clean Room 是在不同的云托管区域创建的,并且您尚未启用 Cross-Cloud Auto-Fulfillment。
您没有通过调用
provider.create_or_update_cleanroom_listing发布您的 Clean Room。您是在调用
consumer.view_cleanrooms()而不是 ``provider.view_cleanrooms()``(或相反)。您没有共享 Clean Room,使用错误账户共享 Clean Room,或者您在 Snowsight/Clean Room UI/CLI 中打开了错误的协作者账户。确认您希望看到 Clean Room 的账户是您共享 Clean Room 的账户,并且您已登录该共享账户。
从发布 Clean Room 到协作者可以看到它之间会有很小的延迟。
未知函数¶
If you call a procedure and get an error something like the following snippet:
Unknown user-defined function SAMOOHA_BY_SNOWFLAKE_LOCAL_DB.CONSUMER.<procedure name>
Here are a few possible causes:
- You typed the wrong namespace.
请务必调用您过程的正确
provider版本或consumer版本。许多过程都有提供商和使用者版本。- You mistyped the name of the function.
Check the reference guide for the proper naming.
- You have been granted a limited-access run-role, and the function you called isn't allowed by your role.
Test this by running the following SQL code:
USE DATABASE samooha_by_snowflake_local_db; CALL IS_DATABASE_ROLE_IN_SESSION('samooha_run_role');
If the code snippet returns TRUE, you have limited-access run-role permissions on the clean room API. If you need greater access, ask a clean room administrator for full access. See the list of permitted run-role procedures in the consumer.grant_run_on_cleanrooms_to_role documentation.
- You don't have SAMOOHA_APP_ROLE
To see if you can use the SAMOOHA_APP_ROLE, run the following command:
-- Get current user name. SELECT current_user(); -- Add current user name in place as indicated. SHOW GRANTS TO USER <current_user_name> ->> select * from $1 where "role" = 'SAMOOHA_APP_ROLE';
If you don't get any results, ask an administrator to give you API access to the clean room.
See if a user has installed a clean room¶
You can check if a given user has installed a given clean room by running the following SQL code. Replace $consumer_locator and
$cleanroom_name with the consumer locator and clean room name.
SELECT * FROM snowflake.data_sharing_usage.application_state
WHERE consumer_account_locator = $consumer_locator
AND CONTAINS(package_name, UPPER(REPLACE($cleanroom_name, ' ', '_')));
Check your query or analysis history¶
You can see your query history for analyses run in the UI or in code. These histories are stored and checked separately.
UI analysis history¶
Clean Room UI 会在 Analyses & Queries 页面中显示此账户先前的所有分析列表。这些结果仅适用于在 UI 中运行的查询。
如果您修改或删除 Clean Room,则除非报告使用以下模板之一,否则该 Clean Room UI 中的分析报告将被删除:
Audience Overlap & Segmentation
SQL Query
自定义模板。
即使修改或删除了 Clean Room,上面列出的模板的查询历史记录也会得到保留。
API 查询历史记录¶
To see the account history of all calls run using the API, including template analyses, do the following:
Sign in to Snowsight.
In the navigation menu, select Monitoring » Query History.
Use the filters to find the query associated with the analysis, and select the query or analysis.
扩展示例¶
To help you understand how to use various features of the Developer APIs, you can refer to the examples in the Use cases and Features sections of the clean rooms documentation.