How can a snowflake native application built with container services request or grant imported privilege on Snowflake DB?
According to Snowflake Documentation, the grant can only be added through SQL commands. Once I create the application, and run the below SQL, It shows the error
GRANT IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE TO APPLICATION my_app;
-- Error
Privilege 'IMPORTED PRIVILEGES ON SNOWFLAKE DB' cannot be granted because it is not requested by current application version
Sharing the manifest.yml for reference:
manifest_version: 1
version:
name: v1_9
label: "v1_9"
comment: "My Application"
artifacts:
setup_script: setup.sql
readme: readme.md
container_services:
images:
- /insta_spcs_db/app_schema/repo_stage/iqr_app_image
default_web_endpoint:
service: core.iqr_service
endpoint: iq
configuration:
log_level: debug
trace_level: always
grant_callback: app_public.grant_callback
lifecycle_callbacks:
version_initializer: app_public.version_init
privileges:
- CREATE COMPUTE POOL:
description: "Enable application to create its own compute pool(s)"
- BIND SERVICE ENDPOINT:
description: "Enables application to expose service endpoints"
- CREATE WAREHOUSE:
description: "Enables application to create its own WAREHOUSE"
references:
- snowflake_query_history:
label: "Snowflake Query History"
description: "A database in the consumer account that exists outside the APPLICATION object."
privileges:
- SELECT
object_type: VIEW
multi_valued: false
register_callback: app_public.register_single_reference
The solution is to add "IMPORTED PRIVILEGES ON SNOWFLAKE DB" privilege in the manifest file.
privileges:
- CREATE COMPUTE POOL:
description: "Enable application to create its own compute pool(s)"
- BIND SERVICE ENDPOINT:
description: "Enables application to expose service endpoints"
- CREATE WAREHOUSE:
description: "Enables application to create its own WAREHOUSE"
- IMPORTED PRIVILEGES ON SNOWFLAKE DB:
description: "Enables application to import privileges on snowflake DB"