我们能否像在 SQL 服务器中那样加密雪花中的存储过程?
Can we Encrypt Stored procedures in snowflakes similar to what we do in SQL Server?
我们能否像在 SQL 服务器中那样加密 Snowflake 中的存储过程?
例如,类似于
CREATE PROCEDURE #EncryptSP
WITH ENCRYPTION
AS
QUERY HERE
GO
Snowflake 数据库中的所有内容都是加密的,因此我认为问题在于允许用户 运行 存储过程但看不到其内容。那不是问题。
-- Using a database called TEST
grant usage on database test to role public;
grant usage on schema public to role public;
-- Create a secure procedure and run it as SYSADMIN (or whatever role you want)
create or replace secure procedure test.public.hello_world()
returns string
language JavaScript
execute as owner
as
$$
return "Hello world";
$$;
-- Allow users in the PUBLIC role to run the procedure
grant usage on procedure HELLO_WORLD() to role PUBLIC;
-- Test that users in role PUBLIC can run the procedure
use role public;
use database test;
use schema public;
call HELLO_WORLD();
-- However, they cannot see the stored procedure
select get_ddl('procedure', 'HELLO_WORLD()');
-- The owner can.
use role SYSADMIN;
select get_ddl('procedure', 'HELLO_WORLD()');
我们能否像在 SQL 服务器中那样加密 Snowflake 中的存储过程?
例如,类似于
CREATE PROCEDURE #EncryptSP
WITH ENCRYPTION
AS
QUERY HERE
GO
Snowflake 数据库中的所有内容都是加密的,因此我认为问题在于允许用户 运行 存储过程但看不到其内容。那不是问题。
-- Using a database called TEST
grant usage on database test to role public;
grant usage on schema public to role public;
-- Create a secure procedure and run it as SYSADMIN (or whatever role you want)
create or replace secure procedure test.public.hello_world()
returns string
language JavaScript
execute as owner
as
$$
return "Hello world";
$$;
-- Allow users in the PUBLIC role to run the procedure
grant usage on procedure HELLO_WORLD() to role PUBLIC;
-- Test that users in role PUBLIC can run the procedure
use role public;
use database test;
use schema public;
call HELLO_WORLD();
-- However, they cannot see the stored procedure
select get_ddl('procedure', 'HELLO_WORLD()');
-- The owner can.
use role SYSADMIN;
select get_ddl('procedure', 'HELLO_WORLD()');