URL: https://community.snowflake.com/s/article/Communication-ID-0108977-Additional-Information
Submission: On July 08 via api from US — Scanned from DE

DETECTING AND PREVENTING UNAUTHORIZED USER ACCESS: INSTRUCTIONS

June 11, 2024
Issue

Snowflake recently observed and is investigating an increase in cyber threat
activity targeting some of our customers’ accounts. We believe this is the
result of ongoing industry-wide, identity-based attacks with the intent to
obtain customer data. Research indicates that these types of attacks are
performed with our customers’ user credentials that were exposed through
unrelated cyber threat activity. To date, we do not believe this activity is
caused by any vulnerability, misconfiguration, or malicious activity within the
Snowflake product. Throughout the course of our ongoing investigation, we have
promptly informed the limited number of customers who we believe may have been
impacted.

This post will assist with investigating any potential threat activity within
Snowflake customer accounts and provide guidance in the “Prevention” section
below.

Cause

Snowflake is investigating activity from the following IP addresses at this
time:

 * 104.223.91.28
 * 198.54.135.99
 * 184.147.100.29
 * 146.70.117.210
 * 198.54.130.153
 * 169.150.203.22
 * 185.156.46.163
 * 146.70.171.99
 * 206.217.206.108
 * 45.86.221.146
 * 193.32.126.233
 * 87.249.134.11
 * 66.115.189.247
 * 104.129.24.124
 * 146.70.171.112
 * 198.54.135.67
 * 146.70.124.216
 * 45.134.142.200
 * 206.217.205.49
 * 146.70.117.56
 * 169.150.201.25
 * 66.63.167.147
 * 194.230.144.126
 * 146.70.165.227
 * 154.47.30.137
 * 154.47.30.150
 * 96.44.191.140
 * 146.70.166.176
 * 198.44.136.56
 * 176.123.6.193
 * 192.252.212.60
 * 173.44.63.112
 * 37.19.210.34
 * 37.19.210.21
 * 185.213.155.241
 * 198.44.136.82
 * 93.115.0.49
 * 204.152.216.105
 * 198.44.129.82
 * 185.248.85.59
 * 198.54.131.152
 * 102.165.16.161
 * 185.156.46.144
 * 45.134.140.144
 * 198.54.135.35
 * 176.123.3.132
 * 185.248.85.14
 * 169.150.223.208
 * 162.33.177.32
 * 194.230.145.67
 * 5.47.87.202
 * 194.230.160.5
 * 194.230.147.127
 * 176.220.186.152
 * 194.230.160.237
 * 194.230.158.178
 * 194.230.145.76
 * 45.155.91.99
 * 194.230.158.107
 * 194.230.148.99
 * 194.230.144.50
 * 185.204.1.178
 * 79.127.217.44
 * 104.129.24.115
 * 146.70.119.24
 * 138.199.34.144
 * 198.44.136.35
 * 66.115.189.210
 * 206.217.206.88
 * 37.19.210.28
 * 146.70.225.67
 * 138.199.43.92
 * 149.102.246.3
 * 43.225.189.163
 * 185.201.188.34
 * 178.249.209.163
 * 199.116.118.210
 * 198.54.130.147
 * 156.59.50.195
 * 198.44.136.195
 * 198.44.129.67
 * 37.19.221.170
 * 96.44.189.99
 * 146.70.134.3
 * 66.115.189.200
 * 103.75.11.51
 * 69.4.234.118
 * 146.70.173.195
 * 138.199.60.29
 * 66.115.189.160
 * 154.47.30.144
 * 178.249.211.80
 * 143.244.47.92
 * 146.70.132.227
 * 193.19.207.226
 * 46.19.136.227
 * 68.235.44.35
 * 103.136.147.4
 * 198.54.133.163
 * 169.150.203.16
 * 146.70.224.3
 * 87.249.134.15
 * 198.54.134.131
 * 142.147.89.226
 * 146.70.117.35
 * 193.19.207.196
 * 146.70.144.35
 * 146.70.173.131
 * 107.150.22.3
 * 169.150.201.29
 * 146.70.117.163
 * 146.70.138.195
 * 146.70.184.67
 * 104.129.57.67
 * 185.248.85.49
 * 146.70.168.67
 * 138.199.43.66
 * 79.127.217.35
 * 194.127.167.108
 * 194.36.25.49
 * 146.70.171.67
 * 138.199.60.3
 * 45.134.212.93
 * 146.70.187.67
 * 66.63.167.163
 * 154.47.29.3
 * 149.102.246.16
 * 198.44.129.99
 * 146.70.128.195
 * 185.65.134.191
 * 146.70.119.35
 * 87.249.134.28
 * 149.102.240.67
 * 103.75.11.67
 * 69.4.234.124
 * 169.150.196.3
 * 169.150.201.3
 * 185.188.61.196
 * 87.249.134.2
 * 138.199.15.163
 * 45.134.213.195
 * 138.199.6.208
 * 169.150.227.223
 * 146.70.200.3
 * 149.88.22.156
 * 173.205.85.35
 * 206.217.206.48
 * 194.36.25.4
 * 154.47.16.48
 * 37.19.200.131
 * 146.70.166.131
 * 37.19.221.144
 * 149.88.20.207
 * 79.127.222.195
 * 194.127.167.88
 * 96.44.191.131
 * 69.4.234.119
 * 138.199.6.221
 * 146.70.128.227
 * 66.63.167.195
 * 169.150.196.16
 * 185.201.188.4
 * 173.44.63.67
 * 79.127.222.208
 * 198.54.134.99
 * 198.54.135.131
 * 138.199.43.79
 * 66.115.189.190
 * 149.88.20.194
 * 141.98.252.190
 * 129.227.46.163
 * 31.171.154.51
 * 79.127.217.48
 * 69.4.234.116
 * 206.217.206.68
 * 103.125.233.19
 * 146.70.188.131
 * 169.150.227.198
 * 129.227.46.131
 * 198.44.136.99
 * 149.88.22.130
 * 193.138.7.138
 * 146.70.168.195
 * 169.150.203.29
 * 206.217.205.118
 * 146.70.185.3
 * 146.70.124.131
 * 194.127.199.32
 * 149.102.240.80
 * 143.244.47.79
 * 178.255.149.166
 * 188.241.176.195
 * 69.4.234.125
 * 138.199.21.240
 * 45.134.79.98
 * 178.249.209.176
 * 68.235.44.3
 * 198.54.133.131
 * 193.138.7.158
 * 154.47.30.131
 * 204.152.216.115
 * 206.217.205.125
 * 37.19.200.144
 * 146.70.171.131
 * 198.54.130.99
 * 149.22.81.208
 * 146.70.197.131
 * 198.54.131.131
 * 138.199.15.147
 * 185.248.85.34
 * 143.244.47.66
 * 92.60.40.225
 * 178.249.214.3
 * 146.70.133.3
 * 179.43.189.67
 * 69.4.234.120
 * 146.70.199.195
 * 185.156.46.157
 * 45.134.142.194
 * 68.235.44.195
 * 209.54.101.131
 * 104.129.41.195
 * 146.70.225.3
 * 206.217.205.126
 * 103.136.147.130
 * 194.110.115.3
 * 178.249.211.93
 * 185.188.61.226
 * 194.110.115.35
 * 146.70.198.195
 * 169.150.198.67
 * 103.108.229.67
 * 138.199.60.16
 * 96.44.191.147
 * 31.170.22.16
 * 45.134.140.131
 * 169.150.196.29
 * 103.216.220.19
 * 173.205.93.3
 * 146.70.199.131
 * 103.214.20.131
 * 149.88.22.143
 * 149.40.50.113
 * 138.199.21.227
 * 138.199.6.195
 * 103.216.220.35
 * 198.44.136.67
 * 199.116.118.194
 * 146.70.129.131
 * 199.116.118.233
 * 146.70.184.3
 * 185.254.75.14
 * 38.240.225.69
 * 149.22.81.195
 * 43.225.189.132
 * 45.134.142.207
 * 146.70.196.195
 * 198.44.140.195
 * 206.217.205.119
 * 38.240.225.37
 * 169.150.227.211
 * 37.19.200.157
 * 146.70.132.195
 * 146.70.211.67
 * 206.217.206.28
 * 178.249.214.16
 * 149.88.22.169
 * 149.88.104.16
 * 194.36.25.34
 * 146.70.197.195
 * 45.134.212.80
 * 156.59.50.227
 * 104.223.91.19
 * 198.54.130.131
 * 185.248.85.19
 * 45.134.79.68
 * 45.134.142.220
 * 185.204.1.179
 * 146.70.129.99
 * 146.70.133.99
 * 69.4.234.122
 * 178.249.211.67
 * 198.54.131.163
 * 198.44.129.35
 * 103.108.231.51
 * 146.70.165.3
 * 37.19.221.157
 * 92.60.40.210
 * 154.47.16.35
 * 194.127.199.3
 * 37.19.210.2
 * 103.108.231.67
 * 204.152.216.99
 * 176.123.7.143
 * 176.123.10.35
 * 195.160.223.23

 

In addition to the IP addresses above, we have also observed malicious traffic
from clients with the following characteristics:

 * Connections from a client identifying itself as rapeflake.

 * Connections from a client identifying itself as DBeaver_DBeaverUltimate and
   running from Windows Server 2022.

Solution

Identification

 

Identifying Access from Suspected IP Addresses

The following query will return login events that originated from suspected IP
addresses. Note that the ACCOUNT_USAGE LOGIN_HISTORY view is not real-time: new
events can take up to two hours to appear, and the view retains one year of
history.

SELECT
    *
FROM
    snowflake.account_usage.login_history
WHERE
    client_ip IN (
'104.223.91.28',
'198.54.135.99',
'184.147.100.29',
'146.70.117.210',
'198.54.130.153',
'169.150.203.22',
'185.156.46.163',
'146.70.171.99',
'206.217.206.108',
'45.86.221.146',
'193.32.126.233',
'87.249.134.11',
'66.115.189.247',
'104.129.24.124',
'146.70.171.112',
'198.54.135.67',
'146.70.124.216',
'45.134.142.200',
'206.217.205.49',
'146.70.117.56',
'169.150.201.25',
'66.63.167.147',
'194.230.144.126',
'146.70.165.227',
'154.47.30.137',
'154.47.30.150',
'96.44.191.140',
'146.70.166.176',
'198.44.136.56',
'176.123.6.193',
'192.252.212.60',
'173.44.63.112',
'37.19.210.34',
'37.19.210.21',
'185.213.155.241',
'198.44.136.82',
'93.115.0.49',
'204.152.216.105',
'198.44.129.82',
'185.248.85.59',
'198.54.131.152',
'102.165.16.161',
'185.156.46.144',
'45.134.140.144',
'198.54.135.35',
'176.123.3.132',
'185.248.85.14',
'169.150.223.208',
'162.33.177.32',
'194.230.145.67',
'5.47.87.202',
'194.230.160.5',
'194.230.147.127',
'176.220.186.152',
'194.230.160.237',
'194.230.158.178',
'194.230.145.76',
'45.155.91.99',
'194.230.158.107',
'194.230.148.99',
'194.230.144.50',
'185.204.1.178',
'79.127.217.44',
'104.129.24.115',
'146.70.119.24',
'138.199.34.144',
'198.44.136.35',
'66.115.189.210',
'206.217.206.88',
'37.19.210.28',
'146.70.225.67',
'138.199.43.92',
'149.102.246.3',
'43.225.189.163',
'185.201.188.34',
'178.249.209.163',
'199.116.118.210',
'198.54.130.147',
'156.59.50.195',
'198.44.136.195',
'198.44.129.67',
'37.19.221.170',
'96.44.189.99',
'146.70.134.3',
'66.115.189.200',
'103.75.11.51',
'69.4.234.118',
'146.70.173.195',
'138.199.60.29',
'66.115.189.160',
'154.47.30.144',
'178.249.211.80',
'143.244.47.92',
'146.70.132.227',
'193.19.207.226',
'46.19.136.227',
'68.235.44.35',
'103.136.147.4',
'198.54.133.163',
'169.150.203.16',
'146.70.224.3',
'87.249.134.15',
'198.54.134.131',
'142.147.89.226',
'146.70.117.35',
'193.19.207.196',
'146.70.144.35',
'146.70.173.131',
'107.150.22.3',
'169.150.201.29',
'146.70.117.163',
'146.70.138.195',
'146.70.184.67',
'104.129.57.67',
'185.248.85.49',
'146.70.168.67',
'138.199.43.66',
'79.127.217.35',
'194.127.167.108',
'194.36.25.49',
'146.70.171.67',
'138.199.60.3',
'45.134.212.93',
'146.70.187.67',
'66.63.167.163',
'154.47.29.3',
'149.102.246.16',
'198.44.129.99',
'146.70.128.195',
'185.65.134.191',
'146.70.119.35',
'87.249.134.28',
'149.102.240.67',
'103.75.11.67',
'69.4.234.124',
'169.150.196.3',
'169.150.201.3',
'185.188.61.196',
'87.249.134.2',
'138.199.15.163',
'45.134.213.195',
'138.199.6.208',
'169.150.227.223',
'146.70.200.3',
'149.88.22.156',
'173.205.85.35',
'206.217.206.48',
'194.36.25.4',
'154.47.16.48',
'37.19.200.131',
'146.70.166.131',
'37.19.221.144',
'149.88.20.207',
'79.127.222.195',
'194.127.167.88',
'96.44.191.131',
'69.4.234.119',
'138.199.6.221',
'146.70.128.227',
'66.63.167.195',
'169.150.196.16',
'185.201.188.4',
'173.44.63.67',
'79.127.222.208',
'198.54.134.99',
'198.54.135.131',
'138.199.43.79',
'66.115.189.190',
'149.88.20.194',
'141.98.252.190',
'129.227.46.163',
'31.171.154.51',
'79.127.217.48',
'69.4.234.116',
'206.217.206.68',
'103.125.233.19',
'146.70.188.131',
'169.150.227.198',
'129.227.46.131',
'198.44.136.99',
'149.88.22.130',
'193.138.7.138',
'146.70.168.195',
'169.150.203.29',
'206.217.205.118',
'146.70.185.3',
'146.70.124.131',
'194.127.199.32',
'149.102.240.80',
'143.244.47.79',
'178.255.149.166',
'188.241.176.195',
'69.4.234.125',
'138.199.21.240',
'45.134.79.98',
'178.249.209.176',
'68.235.44.3',
'198.54.133.131',
'193.138.7.158',
'154.47.30.131',
'204.152.216.115',
'206.217.205.125',
'37.19.200.144',
'146.70.171.131',
'198.54.130.99',
'149.22.81.208',
'146.70.197.131',
'198.54.131.131',
'138.199.15.147',
'185.248.85.34',
'143.244.47.66',
'92.60.40.225',
'178.249.214.3',
'146.70.133.3',
'179.43.189.67',
'69.4.234.120',
'146.70.199.195',
'185.156.46.157',
'45.134.142.194',
'68.235.44.195',
'209.54.101.131',
'104.129.41.195',
'146.70.225.3',
'206.217.205.126',
'103.136.147.130',
'194.110.115.3',
'178.249.211.93',
'185.188.61.226',
'194.110.115.35',
'146.70.198.195',
'169.150.198.67',
'103.108.229.67',
'138.199.60.16',
'96.44.191.147',
'31.170.22.16',
'45.134.140.131',
'169.150.196.29',
'103.216.220.19',
'173.205.93.3',
'146.70.199.131',
'103.214.20.131',
'149.88.22.143',
'149.40.50.113',
'138.199.21.227',
'138.199.6.195',
'103.216.220.35',
'198.44.136.67',
'199.116.118.194',
'146.70.129.131',
'199.116.118.233',
'146.70.184.3',
'185.254.75.14',
'38.240.225.69',
'149.22.81.195',
'43.225.189.132',
'45.134.142.207',
'146.70.196.195',
'198.44.140.195',
'206.217.205.119',
'38.240.225.37',
'169.150.227.211',
'37.19.200.157',
'146.70.132.195',
'146.70.211.67',
'206.217.206.28',
'178.249.214.16',
'149.88.22.169',
'149.88.104.16',
'194.36.25.34',
'146.70.197.195',
'45.134.212.80',
'156.59.50.227',
'104.223.91.19',
'198.54.130.131',
'185.248.85.19',
'45.134.79.68',
'45.134.142.220',
'185.204.1.179',
'146.70.129.99',
'146.70.133.99',
'69.4.234.122',
'178.249.211.67',
'198.54.131.163',
'198.44.129.35',
'103.108.231.51',
'146.70.165.3',
'37.19.221.157',
'92.60.40.210',
'154.47.16.35',
'194.127.199.3',
'37.19.210.2',
'103.108.231.67',
'204.152.216.99',
'176.123.7.143',
'176.123.10.35',
'195.160.223.23'

    )
ORDER BY
    event_timestamp;

 

Sources:

 * https://docs.snowflake.com/en/sql-reference/account-usage/login_history

 

Identifying Access from Suspected Clients

 

The following query will return sessions belonging to the suspected clients.

 

SELECT
    *
FROM
    snowflake.account_usage.sessions
WHERE
    PARSE_JSON(CLIENT_ENVIRONMENT):APPLICATION = 'rapeflake'
    OR
    (
        PARSE_JSON(CLIENT_ENVIRONMENT):APPLICATION = 'DBeaver_DBeaverUltimate'
        AND
        PARSE_JSON(CLIENT_ENVIRONMENT):OS = 'Windows Server 2022'
    )
ORDER BY CREATED_ON;

Sources:

 * https://docs.snowflake.com/en/sql-reference/account-usage/sessions
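As an added example (not part of Snowflake's advisory), the two identification queries above expressed as a Python sweep over rows exported from LOGIN_HISTORY and SESSIONS, for teams that pull ACCOUNT_USAGE data into a notebook or SIEM rather than running SQL in the account. The sample rows, user names and session IDs are constructed; SUSPECT_IPS holds only three of the advisory's addresses and should be extended with the full list. The sweep also tolerates a CLIENT_ENVIRONMENT value that is not valid JSON, which would otherwise abort the run.

```python
import json

# Subset of the IP addresses listed in the advisory above (the full list is
# in the "Cause" section); extend this set with the complete list.
SUSPECT_IPS = {
    "104.223.91.28",
    "198.54.135.99",
    "184.147.100.29",
}

# Client signatures from the advisory: an application name on its own, or an
# application name that is only suspicious together with a given OS.
SUSPECT_CLIENTS = [
    {"APPLICATION": "rapeflake"},
    {"APPLICATION": "DBeaver_DBeaverUltimate", "OS": "Windows Server 2022"},
]

# Constructed sample rows shaped like SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY
# (not real data).
LOGIN_ROWS = [
    {"EVENT_TIMESTAMP": "2024-05-20 01:02:03", "USER_NAME": "ETL_SVC",
     "CLIENT_IP": "104.223.91.28", "IS_SUCCESS": "YES"},
    {"EVENT_TIMESTAMP": "2024-05-20 09:00:00", "USER_NAME": "ALICE",
     "CLIENT_IP": "10.1.2.3", "IS_SUCCESS": "YES"},
    {"EVENT_TIMESTAMP": "2024-05-19 22:15:00", "USER_NAME": "ETL_SVC",
     "CLIENT_IP": "198.54.135.99 ", "IS_SUCCESS": "NO"},
]

# Constructed sample rows shaped like SNOWFLAKE.ACCOUNT_USAGE.SESSIONS;
# CLIENT_ENVIRONMENT holds the JSON document the view stores as text.
SESSION_ROWS = [
    {"SESSION_ID": 1, "USER_NAME": "DAVE", "CREATED_ON": "2024-05-20 01:02:05",
     "CLIENT_ENVIRONMENT": json.dumps({"APPLICATION": "rapeflake", "OS": "Linux"})},
    {"SESSION_ID": 2, "USER_NAME": "BOB", "CREATED_ON": "2024-05-20 10:00:00",
     "CLIENT_ENVIRONMENT": json.dumps({"APPLICATION": "DBeaver_DBeaverUltimate",
                                       "OS": "Mac OS X"})},
    {"SESSION_ID": 3, "USER_NAME": "ETL_SVC", "CREATED_ON": "2024-05-21 22:15:02",
     "CLIENT_ENVIRONMENT": json.dumps({"APPLICATION": "DBeaver_DBeaverUltimate",
                                       "OS": "Windows Server 2022"})},
    {"SESSION_ID": 4, "USER_NAME": "CAROL", "CREATED_ON": "2024-05-22 08:00:00",
     "CLIENT_ENVIRONMENT": "not json"},  # malformed value must not abort the sweep
]


def logins_from_suspect_ips(rows, suspect_ips=SUSPECT_IPS):
    """Login events (successful or not) whose CLIENT_IP is in the suspect set,
    oldest first. Failed attempts are kept: they show credential testing."""
    hits = [r for r in rows if (r.get("CLIENT_IP") or "").strip() in suspect_ips]
    return sorted(hits, key=lambda r: r["EVENT_TIMESTAMP"])


def client_matches(env, signature):
    """True when every field in the signature equals the session's client field."""
    return all(env.get(key) == value for key, value in signature.items())


def sessions_from_suspect_clients(rows, signatures=SUSPECT_CLIENTS):
    """Sessions whose CLIENT_ENVIRONMENT matches a suspect client signature."""
    hits = []
    for row in rows:
        try:
            env = json.loads(row.get("CLIENT_ENVIRONMENT") or "")
        except ValueError:
            continue  # unparsable CLIENT_ENVIRONMENT: skip the row, keep sweeping
        if isinstance(env, dict) and any(client_matches(env, s) for s in signatures):
            hits.append(row)
    return sorted(hits, key=lambda r: r["CREATED_ON"])


def suspect_users(login_rows, session_rows):
    """User names touched by either indicator: the accounts to review first."""
    users = {r["USER_NAME"] for r in logins_from_suspect_ips(login_rows)}
    users |= {r["USER_NAME"] for r in sessions_from_suspect_clients(session_rows)}
    return sorted(users)


if __name__ == "__main__":
    for row in logins_from_suspect_ips(LOGIN_ROWS):
        print("login  ", row["EVENT_TIMESTAMP"], row["USER_NAME"], row["CLIENT_IP"])
    for row in sessions_from_suspect_clients(SESSION_ROWS):
        print("session", row["CREATED_ON"], row["USER_NAME"], row["CLIENT_ENVIRONMENT"])
    print("review:", suspect_users(LOGIN_ROWS, SESSION_ROWS))
```

The user names returned by suspect_users are the input to the "Disabling Suspected Users" step below; failed logins from the listed addresses are deliberately kept in the result, since they show which accounts the credentials were tried against.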

 

Disabling Suspected Users

 

If either of the queries above returned user accounts that you determine to be
suspicious and you wish to disable them, the following statements disable an
individual user. The user name is held in a session variable so that the same
value can be reused in the credential-reset steps further down.

set user_name = 'SUSPECTED_USER';
ALTER USER IDENTIFIER($user_name) SET DISABLED = TRUE;

 

Disabling a user will have the following effects:

 * All queries and other SQL statements currently running or scheduled by the
   user are aborted and the user cannot initiate additional queries.
 * Any existing sessions of the user are automatically closed and the user is
   locked out of Snowflake and cannot log in again (with the exception of the
   ALLOW_ID_TOKEN parameter being enabled as outlined below).

 

Important

If you have enabled the ALLOW_ID_TOKEN parameter on your account, the user must
be left in the disabled state for 6 hours to fully invalidate any possible
unauthorized access via this ID token feature. Users in a disabled state cannot
access or initiate additional queries against the Snowflake account; however, if
the user is re-enabled before this time the attacker may be able to generate a
new session using an existing ID token, even after the password has been reset
or MFA has been enabled.

After you have disabled the account, we recommend contacting the account owner
to determine if the activity originated from them.


Sources:

 * https://docs.snowflake.com/en/user-guide/admin-user-management#disabling-or-enabling-a-user
 * https://docs.snowflake.com/en/sql-reference/parameters#allow-id-token
 * https://docs.snowflake.com/en/sql-reference/sql/alter-user#:~:text=If%20you%20specify,log%20in%20again.

 

Resetting Credentials for Suspected Users

 

Before restoring access to impacted users, we recommend implementing the
security hardening steps described in the Prevention section below.

set user_name = 'SUSPECTED_USER';

-- Revoke the delegated (OAuth) authorizations this user holds for these integrations
select SYSTEM$REMOVE_ALL_DELEGATED_AUTHORIZATIONS($user_name, 'NUMERACY');
select SYSTEM$REMOVE_ALL_DELEGATED_AUTHORIZATIONS($user_name, 'SNOWSCOPE');
select SYSTEM$REMOVE_ALL_DELEGATED_AUTHORIZATIONS($user_name, 'APPLICA');
select SYSTEM$REMOVE_ALL_DELEGATED_AUTHORIZATIONS($user_name, 'CLEANROOM');

SHOW SECURITY INTEGRATIONS;

-- For each security integration of type OAuth listed by the command above,
-- revoke the user's authorization (replace <INTEGRATION> with the integration name)
select SYSTEM$REMOVE_ALL_DELEGATED_AUTHORIZATIONS($user_name, '<INTEGRATION>');

ALTER USER IDENTIFIER($user_name) RESET PASSWORD;

-- If the user has key-pair authentication configured, remove both public keys
-- so that any private key the attacker may hold stops working
ALTER USER IDENTIFIER($user_name) UNSET RSA_PUBLIC_KEY;
ALTER USER IDENTIFIER($user_name) UNSET RSA_PUBLIC_KEY_2;

Sources:

 * https://docs.snowflake.com/en/sql-reference/sql/alter-user
 * https://docs.snowflake.com/en/sql-reference/sql/alter-user#object-properties-objectproperties

 


INVESTIGATION


Review What Actions Were Taken by Identified Users


This query will provide the SQL statements that were executed by the suspected
user. There may be up to 45 minutes of latency before queries appear in this
view.

 

set u_name = 'SUSPECTED_USER';
set s_time = '2024-04-01';
set e_time = CURRENT_TIMESTAMP;

SELECT
    *
FROM
    snowflake.account_usage.query_history
WHERE
    user_name = $u_name
    AND start_time BETWEEN $s_time AND $e_time
ORDER BY
    start_time;

Sources:

 * https://docs.snowflake.com/en/sql-reference/account-usage/query_history

Review Executed Queries for External Access

 

Some UDFs and stored procedures can be explicitly granted access to make network
requests. Use this query to check for network data transfers by a given
statement, replacing the sample value of q_id with a query ID returned by the
query above.

set q_id = 'b7cc1e6e-01a5-44de-9ce8-3a976ad30aad';
set s_time = '2024-04-01';
set e_time = CURRENT_TIMESTAMP;

SELECT
    *
FROM
    snowflake.account_usage.external_access_history e
    JOIN snowflake.account_usage.query_history q ON e.query_id = q.query_id
WHERE
    q.query_id = $q_id
    AND q.start_time BETWEEN $s_time AND $e_time
ORDER BY
    q.start_time;

Sources:

 * https://docs.snowflake.com/en/sql-reference/account-usage/external_access_history
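An added example, not Snowflake's code, that generalizes the two investigation queries above: instead of one query ID, it builds the full timeline of a suspect user's statements within a time window and attaches the external hosts each statement contacted, which is the same join on query_id done in Python over exported rows. The QUERY_HISTORY and EXTERNAL_ACCESS_HISTORY rows are constructed; the column names HOST, PORT, SENT_BYTES and RECEIVED_BYTES are assumed and should be checked against the linked view documentation.

```python
from datetime import datetime, timezone

# Constructed sample rows shaped like SNOWFLAKE.ACCOUNT_USAGE.QUERY_HISTORY.
QUERY_ROWS = [
    {"QUERY_ID": "q-001", "USER_NAME": "ETL_SVC", "START_TIME": "2024-05-20 01:03:00+00:00",
     "QUERY_TYPE": "SELECT", "QUERY_TEXT": "SELECT * FROM CUSTOMERS"},
    {"QUERY_ID": "q-002", "USER_NAME": "ETL_SVC", "START_TIME": "2024-05-20 01:05:00+00:00",
     "QUERY_TYPE": "CALL", "QUERY_TEXT": "CALL EXPORT_PROC()"},
    {"QUERY_ID": "q-003", "USER_NAME": "ETL_SVC", "START_TIME": "2024-03-01 12:00:00+00:00",
     "QUERY_TYPE": "SELECT", "QUERY_TEXT": "SELECT 1"},      # before the window
    {"QUERY_ID": "q-004", "USER_NAME": "ALICE", "START_TIME": "2024-05-20 01:04:00+00:00",
     "QUERY_TYPE": "SELECT", "QUERY_TEXT": "SELECT 2"},      # different user
]

# Constructed sample rows shaped like EXTERNAL_ACCESS_HISTORY. The column names
# HOST, PORT, SENT_BYTES and RECEIVED_BYTES are assumed; verify them against
# the view documentation linked above.
EXTERNAL_ROWS = [
    {"QUERY_ID": "q-002", "HOST": "unknown-host.example", "PORT": 443,
     "SENT_BYTES": 4_194_304, "RECEIVED_BYTES": 512},
    {"QUERY_ID": "q-002", "HOST": "api.example", "PORT": 443,
     "SENT_BYTES": 128, "RECEIVED_BYTES": 2048},
    {"QUERY_ID": "q-004", "HOST": "api.example", "PORT": 443,
     "SENT_BYTES": 64, "RECEIVED_BYTES": 64},
]


def parse_ts(value):
    """Parse an ISO timestamp; naive values are treated as UTC."""
    ts = datetime.fromisoformat(value)
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def user_timeline(user_name, start, end, query_rows=QUERY_ROWS, external_rows=EXTERNAL_ROWS):
    """Statements run by user_name with START_TIME in [start, end], oldest first,
    each carrying the external accesses of its query (the join on QUERY_ID)."""
    lo, hi = parse_ts(start), parse_ts(end)
    by_query = {}
    for row in external_rows:
        by_query.setdefault(row["QUERY_ID"], []).append(row)
    timeline = []
    for row in query_rows:
        if row["USER_NAME"] != user_name:
            continue
        started = parse_ts(row["START_TIME"])
        if not lo <= started <= hi:
            continue
        timeline.append({
            "query_id": row["QUERY_ID"],
            "start_time": started,
            "query_text": row["QUERY_TEXT"],
            "external": by_query.get(row["QUERY_ID"], []),
        })
    return sorted(timeline, key=lambda e: e["start_time"])


def bytes_sent_per_host(timeline):
    """Outbound bytes by destination host across the timeline, largest first;
    the top entries are the statements to examine first for data leaving the account."""
    totals = {}
    for entry in timeline:
        for access in entry["external"]:
            totals[access["HOST"]] = totals.get(access["HOST"], 0) + int(access["SENT_BYTES"])
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    events = user_timeline("ETL_SVC", "2024-04-01", datetime.now(timezone.utc).isoformat())
    for e in events:
        hosts = ", ".join(f'{a["HOST"]}:{a["PORT"]}' for a in e["external"]) or "-"
        print(e["start_time"], e["query_id"], e["query_text"], "->", hosts)
    print(bytes_sent_per_host(events))
```

Statements with no external access still appear in the timeline with an empty list, so the output doubles as the "actions taken" review of the previous section; only the external-access rows need the extra view.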


Review Sessions for Unusual Applications

 

Snowflake’s session view provides information on the client environment that
connects to the Snowflake account. Use this query to check for unusual client
applications and conduct further analysis for unusual applications or operating
systems.

 

SELECT
    COUNT(*) AS client_app_count,
    PARSE_JSON(client_environment):APPLICATION::STRING AS client_application,
    PARSE_JSON(client_environment):OS::STRING AS client_os,
    PARSE_JSON(client_environment):OS_VERSION::STRING AS client_os_version
FROM
    snowflake.account_usage.sessions sessions
WHERE
    sessions.created_on >= '2024-04-01'
GROUP BY
    ALL
ORDER BY
    1 ASC;

Sources:

 * https://docs.snowflake.com/en/sql-reference/account-usage/sessions


PREVENTION

Setting up Network Policies

 

Set up account-level and user-level network policies for highly privileged
users and service accounts.

The query below aggregates, per user, the client IPs used at authentication,
the driver (reported client type), and the authentication mechanism; the
recommendation is to use SAML, key pair, or OAuth rather than passwords. Use
the result to decide the trusted CIDR ranges that the network policy enforced
at the account level will allow.

select client_ip, user_name, reported_client_type, first_authentication_factor,
       count(*)
from snowflake.account_usage.login_history
group by client_ip, user_name, reported_client_type, first_authentication_factor
order by count(*) desc;
 

Review Account Parameters

 

Review account parameters to restrict how data can be exported from your
Snowflake Account. Customers will need to do due diligence on enabling these
features and their impacts on existing account integrations.

alter account set PREVENT_UNLOAD_TO_INLINE_URL = true;
alter account set REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_CREATION = true;
alter account set REQUIRE_STORAGE_INTEGRATION_FOR_STAGE_OPERATION = true;
alter account set PREVENT_UNLOAD_TO_INTERNAL_STAGES = true;
 

Review Account for Configuration Drift

 

Monitor your Snowflake accounts for unauthorized privilege escalation or
configuration changes.

The query below displays potential indicators of privilege escalation: users
being granted the ACCOUNTADMIN role, the highest-privilege role in Snowflake.
It does not cover custom roles that may themselves have been granted the
ACCOUNTADMIN role. Note that role_name is the role the grantor was using when
the statement ran; the role being granted appears in query_text.

select user_name || ' (as ' || role_name || ') ran on ' || end_time || ' [' || query_text || ']' as Grants
   from snowflake.account_usage.query_history
   where execution_status = 'SUCCESS'
   and query_type = 'GRANT'
   and query_text ilike '%grant%accountadmin%to%'
   order by end_time desc;

Example query to detect unauthorized change management or security anomalies.
The patterns are deliberately broad ('%copy%' in particular matches any
statement containing that word), so expect to tune the list to your account.

SELECT
    query_text,
    user_name,
    role_name,
    start_time,
    end_time
  FROM snowflake.account_usage.query_history
    WHERE execution_status = 'SUCCESS'
      AND query_type NOT IN ('SELECT')
      AND (query_text ILIKE '%create role%'
          OR query_text ILIKE '%manage grants%'
          OR query_text ILIKE '%create integration%'
          OR query_text ILIKE '%alter integration%'
          OR query_text ILIKE '%create share%'
          OR query_text ILIKE '%create account%'
          OR query_text ILIKE '%monitor usage%'
          OR query_text ILIKE '%ownership%'
          OR query_text ILIKE '%drop table%'
          OR query_text ILIKE '%drop database%'
          OR query_text ILIKE '%create stage%'
          OR query_text ILIKE '%drop stage%'
          OR query_text ILIKE '%alter stage%'
          OR query_text ILIKE '%create user%'
          OR query_text ILIKE '%alter user%'
          OR query_text ILIKE '%drop user%'
          OR query_text ILIKE '%create network policy%'
          OR query_text ILIKE '%alter network policy%'
          OR query_text ILIKE '%drop network policy%'
          OR query_text ILIKE '%copy%'
          )
  ORDER BY end_time DESC;
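An added example, not Snowflake's own query, that runs the two detection queries above as a rule set over constructed QUERY_HISTORY rows, for teams that ship the view into a SIEM. The regexes put \s+ between keywords so a statement split across lines or padded with extra spaces still matches, which a plain ILIKE pattern with spaces does not; failed statements and plain SELECTs are excluded as in the SQL, and ROLE_NAME is reported as the role the statement ran under, not the role being granted. The rule labels and sample rows are constructed.

```python
import re

# Detection rules mirroring the ILIKE patterns above. \s+ between keywords
# matches any run of spaces or line breaks, so reformatted statements still hit.
RULES = [
    ("grant_accountadmin", r"\bgrant\s+(role\s+)?accountadmin\s+to\b"),
    ("create_role", r"\bcreate\s+(or\s+replace\s+)?role\b"),
    ("manage_grants", r"\bmanage\s+grants\b"),
    ("integration_change", r"\b(create|alter)\b[^;]*?\bintegration\b"),
    ("create_share", r"\bcreate\s+(or\s+replace\s+)?share\b"),
    ("create_account", r"\bcreate\s+account\b"),
    ("monitor_usage", r"\bmonitor\s+usage\b"),
    ("ownership", r"\bownership\b"),
    ("drop_data", r"\bdrop\s+(table|database)\b"),
    ("stage_change", r"\b(create|alter|drop)\s+(or\s+replace\s+)?stage\b"),
    ("user_change", r"\b(create|alter|drop)\s+user\b"),
    ("network_policy_change", r"\b(create|alter|drop)\s+network\s+policy\b"),
    ("copy", r"\bcopy\s+into\b"),
]
COMPILED = [(label, re.compile(pattern, re.IGNORECASE)) for label, pattern in RULES]

# Constructed sample QUERY_HISTORY rows (not real data).
QUERY_ROWS = [
    {"QUERY_ID": "q-101", "USER_NAME": "ETL_SVC", "ROLE_NAME": "ACCOUNTADMIN",
     "EXECUTION_STATUS": "SUCCESS", "QUERY_TYPE": "GRANT",
     "QUERY_TEXT": "GRANT ROLE ACCOUNTADMIN TO USER BOB", "END_TIME": "2024-05-20 01:10:00"},
    {"QUERY_ID": "q-102", "USER_NAME": "ETL_SVC", "ROLE_NAME": "ACCOUNTADMIN",
     "EXECUTION_STATUS": "SUCCESS", "QUERY_TYPE": "CREATE_NETWORK_POLICY",
     "QUERY_TEXT": "create   network\npolicy wide allowed_ip_list = ('0.0.0.0/0')",
     "END_TIME": "2024-05-20 01:12:00"},
    {"QUERY_ID": "q-103", "USER_NAME": "ALICE", "ROLE_NAME": "ANALYST",
     "EXECUTION_STATUS": "SUCCESS", "QUERY_TYPE": "SELECT",
     "QUERY_TEXT": "SELECT * FROM copy_of_orders", "END_TIME": "2024-05-20 01:13:00"},  # SELECT: excluded
    {"QUERY_ID": "q-104", "USER_NAME": "ETL_SVC", "ROLE_NAME": "ACCOUNTADMIN",
     "EXECUTION_STATUS": "FAILED_WITH_ERROR", "QUERY_TYPE": "CREATE_USER",
     "QUERY_TEXT": "CREATE USER svc_new", "END_TIME": "2024-05-20 01:14:00"},  # failed: excluded
    {"QUERY_ID": "q-105", "USER_NAME": "ETL_SVC", "ROLE_NAME": "SYSADMIN",
     "EXECUTION_STATUS": "SUCCESS", "QUERY_TYPE": "UNLOAD",
     "QUERY_TEXT": "COPY INTO @ext_stage/out FROM customers", "END_TIME": "2024-05-20 01:15:00"},
]


def matched_rules(query_text):
    """Labels of every rule whose pattern occurs in the statement text."""
    return [label for label, rx in COMPILED if rx.search(query_text or "")]


def scan_query_history(rows):
    """Successful, non-SELECT statements that hit at least one rule, newest first.
    ROLE_NAME is the role the statement ran under, not the role being granted."""
    flagged = []
    for row in rows:
        if row.get("EXECUTION_STATUS") != "SUCCESS" or row.get("QUERY_TYPE") == "SELECT":
            continue
        labels = matched_rules(row.get("QUERY_TEXT"))
        if labels:
            flagged.append({"query_id": row["QUERY_ID"], "user_name": row["USER_NAME"],
                            "role_name": row["ROLE_NAME"], "end_time": row["END_TIME"],
                            "rules": labels, "query_text": row["QUERY_TEXT"]})
    return sorted(flagged, key=lambda f: f["end_time"], reverse=True)


if __name__ == "__main__":
    for hit in scan_query_history(QUERY_ROWS):
        print(hit["end_time"], hit["user_name"], f'(as {hit["role_name"]})',
              hit["rules"], hit["query_text"].replace("\n", " "))
```

The failed CREATE USER in the sample is dropped on purpose, as in the SQL's execution_status filter; if you also want to see attempts that were denied, relax that filter and keep EXECUTION_STATUS in the output so the two cases stay distinguishable.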

Review Service Account Authentication

 

For service accounts (i.e., non-human interactive use cases), use key pair
authentication or OAuth for machine-to-machine communication (client credentials
grant) in lieu of static credentials.

Note that, in Snowflake, enabling one authentication mechanism does not disable
another. Once key pair or OAuth is configured, customers can choose to unset the
user's password so that no static credential remains stored in Snowflake.

