Snowflake Solutions Expertise and
Community Trusted By

Enter Your Email Address Here To Join Our Snowflake Solutions Community For Free

Snowflake Solutions Community

Snowflake Sessions & Session Policies

675 viewsConnecting to Snowflakesnowflakesecurity
0

Snowflake Sessions & Session Policies

Alejandro Penzini Changed status to publish December 20, 2023
0

Understanding and Managing Snowflake Sessions and Session Policies

Key Concepts:

Sessions: Independent of IdP sessions, lasting indefinitely with activity or expiring after an idle session timeout (default 4 hours).
Session Policies: Customizable idle timeout periods (5-minute minimum) for accounts or users to address compliance requirements. User-level policies take precedence.
Key Properties:
SESSION_IDLE_TIMEOUT_MINS: For programmatic and Snowflake clients.
SESSION_UI_IDLE_TIMEOUT_MINS: For the Classic Console and Snowsight.
Client Considerations:

Avoid using CLIENT_SESSION_KEEP_ALIVE to prevent excessive open sessions and potential performance degradation.
Use CLIENT_SESSION_KEEP_ALIVE_HEARTBEAT_FREQUENCY to control token update frequency.
Interface Behavior:

Web interface sessions refresh with continued object usage.
New or opened worksheets reuse existing sessions with a reset idle timeout.
Tracking Session Policy Usage:

SESSION_POLICIES view for account-level policies.
POLICY_REFERENCES table function for user-level policies.
Limitations:

Future grants on session policies are unsupported.
Workaround: Grant APPLY SESSION POLICY privilege to a custom role for applying policies.
Implementation Steps (Centralized Management Approach):

Create a custom role (policy_admin) with ownership of the session policy and privileges to apply it to accounts or users.
Grant necessary permissions to policy_admin for account-level policy setting.
Follow Snowflake documentation for specific configuration steps.

Alejandro Penzini Changed status to publish December 20, 2023
You are viewing 1 out of 1 answers, click here to view all answers.

Sign in with google.com

To continue, google.com will share your name, email address, and profile picture with this site.

Harness the Power of Data with ITS Solutions

Innovative Solutions for Comprehensive Data Management

Feedback on Q&A