SnowDDL
  • 👋Introduction
  • ðŸšĐGetting started
  • 📋Main features
  • ðŸŠĪSnowDDL vs. Declarative DCM
  • In-depth guides
    • 👓Object identifiers
    • 📐Data types
    • ðŸ“ĶObject types
    • 🎭Role hierarchy
    • 🚧Permission model
    • ðŸ”ĶOther guides
      • Administration user
      • Integrations
      • Inbound shares
      • Object OWNERSHIP
      • Safe & unsafe DDL
      • Dependency management
      • Short hash explained
      • Env Prefix explained
      • Team workflow
      • Limitations & workarounds
      • Fivetran
      • Airbyte
      • Encrypt user passwords
      • Iceberg Tables
  • Basic usage (CLI + YAML)
    • ðŸ’ŧCLI interface
    • ðŸ“ĶYAML configs
      • ACCOUNT PARAMETER
      • ACCOUNT POLICY
      • AGGREGATION POLICY
      • ALERT
      • AUTHENTICATION POLICY
      • BUSINESS ROLE
      • DATABASE
      • DYNAMIC TABLE
      • EVENT TABLE
      • EXTERNAL ACCESS INTEGRATION
      • EXTERNAL FUNCTION
      • EXTERNAL TABLE
      • FILE FORMAT
      • FUNCTION
      • HYBRID TABLE
      • ICEBERG TABLE
      • MASKING POLICY
      • MATERIALIZED VIEW
      • NETWORK POLICY
      • NETWORK RULE
      • PERMISSION MODEL
      • PIPE
      • PLACEHOLDER
      • PROCEDURE
      • PROJECTION POLICY
      • RESOURCE MONITOR
      • ROW ACCESS POLICY
      • SCHEMA
      • SECRET
      • SEQUENCE
      • SHARE (outbound)
      • STAGE
      • STAGE FILE
      • STREAM
      • TABLE
      • TASK
      • TECHNICAL ROLE
      • USER
      • VIEW
      • WAREHOUSE
    • 🏷ïļYAML placeholders
    • 📎YAML tag !include
    • 🔐YAML tag !decrypt
  • Single DB
    • ðŸĶ€Overview
  • Advanced usage (Python)
    • ⚙ïļProgrammatic config
    • 🐍Architecture overview
      • ðŸ”ĩBlueprints
      • ðŸŸĢConfig
      • 🟠Parsers
      • ðŸŸĒResolvers
      • ðŸ”īEngine
    • 🏗ïļQuery builder & formatter
  • Breaking changes log
    • 0.45.0 - March 2025
    • 0.41.0 - January 2025
    • 0.37.0 - December 2024
    • 0.36.0 - November 2024
    • 0.33.0 - October 2024
    • 0.27.0 - May 2024
  • Links
    • GitHub repository
    • PyPI package
    • YouTube tutorials
    • Changelog
    • LinkedIn profile
Powered by GitBook
On this page
  • NETWORK POLICY rework
  • Policy references rework
  • Execution sequence rework
  1. Breaking changes log

0.33.0 - October 2024

Previous0.36.0 - November 2024Next0.27.0 - May 2024

Last updated 7 months ago

This update introduces significant changes related to management of policies.

NETWORK POLICY rework

object type was significantly reworked. Now it behaves similarly to other types of policies. Internally it uses POLICY_REFERENCES table function to get connected objects (ACCOUNT, USER, etc.). Env prefix is now supported for network policies.

Account-level NETWORK POLICY

Setting NETWORK POLICY on ACCOUNT now requires config. Setting it via no longer works.

Before:

account_params.yaml
---

network_policy: MY_NETWORK_POLICY

After:

account_policy.yaml
---

network_policy: MY_NETWORK_POLICY

User-level NETWORK POLICY

Setting NETWORK POLICY on USER now requires explicit network_policy parameter in config. Setting it via session_params no longer works.

Before:

my_user:
  first_name: John
  last_name: Doe
  session_params:
    network_policy: MY_NETWORK_POLICY

After:

my_user:
  first_name: John
  last_name: Doe
  network_policy: my_network_policy

Policy references rework

Previously it was required to specify references for most types of policies in policy config using references parameter. This parameter is still working, but it is now deprecated.

Before:

test_masking_policy_1.yaml
---

arguments:
  name: VARCHAR(255)

returns: VARCHAR(255)

body: |-
  REPLACE(name, 'A', '*')

references:
  - object_type: TABLE
    object_name: test_table_1
    columns: [name]


---
test_table_1.yaml
---

columns:
  name: VARCHAR(255)

After:

test_masking_policy_1.yaml
---

arguments:
  name: VARCHAR(255)

returns: VARCHAR(255)

body: |-
  REPLACE(name, 'A', '*')


---
test_table_1.yaml
---

columns:
  name: VARCHAR(255)

masking_policies:
  - policy_name: test_masking_policy_1
    columns: [name]

Execution sequence rework

This update introduced new destroy_sequence for SnowDDL applications.

Original sequences were renamed:

  • parser_sequence -> parse_sequence

  • resolver_sequence -> resolve_sequence

If you implemented custom application using SnowDDL code, please update it accordingly.

Policy references can now be specified directly in or config using new policy reference parameters.

NETWORK POLICY
ACCOUNT POLICY
ACCOUNT PARAMETERS
USER
TABLE
VIEW