Config path: /<database>/<schema>/projection_policy/<name>.yaml

Example:

body: |-
  CASE WHEN IS_ROLE_IN_SESSION('SYSADMIN') THEN PROJECTION_CONSTRAINT(ALLOW => true)
       ELSE PROJECTION_CONSTRAINT(ALLOW => true)
  END

references:
  - object_type: TABLE
    object_name: test_table_1
    column: id

  - object_type: VIEW
    object_name: test_view_1
    column: id

comment: my projection policy

Schema

• body (str) - policy SQL expression

• references (dict)

  • object_type (str) - reference object type (e.g. TABLE, VIEW)

  • object_name (ident) - reference object name

  • column (ident) - reference column name

• comment (str)

Usage notes

1. Management of projection policies requires active warehouse due to unavoidable POLICY_REFERENCES table function calls.

2. Make sure to allow projections for role SYSADMIN, especially if projection policy is being applied to views. Otherwise SnowDDL will have to re-create VIEW on every run due to inability to verify column data types. Example of check: CASE WHEN IS_ROLE_IN_SESSION('SYSADMIN') THEN PROJECTION_CONSTRAINT(ALLOW => true) ELSE ... END

Links

• CREATE PROJECTION POLICY

• SHOW PROJECTION POLICIES

• DESC PROJECTION POLICY

• Parser & JSON Schema (GitHub)