Managing Session Policies in Snowflake: Key Privileges and Commands
Essential Privileges
- CREATE: Enables creating new session policies in a schema.
- APPLY SESSION POLICY: Enables applying policies at the account or user level.
- OWNERSHIP: Grants full control over a policy, required for most alterations.
Important Note: Operating on any object in a schema also requires the USAGE privilege on the parent database and schema.
Key DDL Commands
- CREATE SESSION POLICY
- ALTER SESSION POLICY
- DROP SESSION POLICY
- SHOW SESSION POLICIES
- DESCRIBE SESSION POLICY
- ALTER ACCOUNT (to set or unset account-level policies)
- ALTER USER (to set or unset user-level policies)
Troubleshooting Common Issues
Cannot create a session policy:
- Ensure a database is specified or use a fully qualified object name.
- Verify the role has the CREATE SESSION POLICY on SCHEMA privilege.
- Check database existence and USAGE privilege on the schema.
- Verify the role has OWNERSHIP or APPLY privilege on the policy.
Cannot drop a session policy:
- Ensure the role has OWNERSHIP privilege on the policy.
- Unset the policy from the account (if attached) before dropping.
Cannot set a session policy on an account:
- An account can only have one active policy. Unset the current one first.
Cannot set a timeout value:
- The timeout value (in minutes) must be an integer between 5 and 240.
Cannot update an existing session policy:
- Verify the policy name, ALTER SESSION POLICY syntax, and privileges.
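The privileges, commands and troubleshooting points above, walked through as one policy lifecycle in Snowflake SQL. This is an added example, not part of the original page; the database, schema, role, user and policy names (governance_db, policies, policy_admin, jsmith, idle_timeout) are hypothetical.

```sql
-- Added example. Hypothetical names: governance_db.policies (database.schema),
-- policy_admin (role), jsmith (user), idle_timeout (policy).

-- 1. Privileges, granted by a role that is allowed to grant them.
--    USAGE on the parent database and schema is needed for any object in it.
GRANT USAGE ON DATABASE governance_db TO ROLE policy_admin;
GRANT USAGE ON SCHEMA governance_db.policies TO ROLE policy_admin;
GRANT CREATE SESSION POLICY ON SCHEMA governance_db.policies TO ROLE policy_admin;
GRANT APPLY SESSION POLICY ON ACCOUNT TO ROLE policy_admin;
GRANT APPLY SESSION POLICY ON USER jsmith TO ROLE policy_admin;

-- 2. Create the policy under a fully qualified name, so the statement does
--    not depend on a database being selected in the session.
--    Timeout values are in minutes and must be integers from 5 to 240.
USE ROLE policy_admin;
CREATE SESSION POLICY governance_db.policies.idle_timeout
  SESSION_IDLE_TIMEOUT_MINS = 30
  SESSION_UI_IDLE_TIMEOUT_MINS = 15
  COMMENT = 'Constructed example policy';

-- 3. Confirm what exists and what it contains.
SHOW SESSION POLICIES;
DESCRIBE SESSION POLICY governance_db.policies.idle_timeout;

-- 4. Attach the policy. An account holds one session policy at a time:
--    if one is already set, run ALTER ACCOUNT UNSET SESSION POLICY first.
ALTER ACCOUNT SET SESSION POLICY governance_db.policies.idle_timeout;
ALTER USER jsmith SET SESSION POLICY governance_db.policies.idle_timeout;

-- 5. Change a timeout. policy_admin created the policy and so holds
--    OWNERSHIP on it, which the alteration requires.
ALTER SESSION POLICY governance_db.policies.idle_timeout
  SET SESSION_IDLE_TIMEOUT_MINS = 60;

-- 6. Retire the policy: detach it wherever it is set, then drop it.
ALTER USER jsmith UNSET SESSION POLICY;
ALTER ACCOUNT UNSET SESSION POLICY;
DROP SESSION POLICY governance_db.policies.idle_timeout;
```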
Additional Information:
- For a detailed summary of DDL operations and required privileges, refer to the Snowflake documentation.
- For instructions on replicating session policies through account and database replication, consult the Snowflake documentation.