Salesforce

Databases & Schemas: Dropping or Replacing Not Allowed if Results in Dangling References for Policies and Tags

Printable View
« Go Back

Information

 
Summary
Last Modified DateNovember 1, 2022
Article Body

This behavior change is in the 2022_07 bundle. In the 6.32 release, the bundle is disabled by default.

For the most up-to-date details about the version and date in which it will be enabled, as well as other release-related details, see the Behavior Change Log.

The behavior of the DROP SCHEMA, DROP DATABASE, CREATE OR REPLACE DATABASE, and CREATE OR REPLACE SCHEMA operations with respect to a masking policy, tag, and protected column in a table has changed as follows:

Previously:

When the tag and policy are in the same schema and the table is in a different schema, Snowflake allowed the DROP and REPLACE operations on the schema/database that contains a tag and masking policy when the protected column in the table exists in a different schema/database.
Four commands were affected:

  • DROP DATABASE
  • DROP SCHEMA
  • CREATE OR REPLACE DATABASE
  • CREATE OR REPLACE SCHEMA

Currently:

When the tag and policy are in the same schema and the table is in a different schema, Snowflake does not allow the DROP and REPLACE operations on the schema/database that contains a tag and masking policy when the protected column in the table exists in a different schema/database.
The behavior of these four commands has changed:

  • DROP DATABASE
  • DROP SCHEMA
  • CREATE OR REPLACE DATABASE
  • CREATE OR REPLACE SCHEMA

For example:

  • A tag named t1 exists in the schema named governance.tags.
  • A masking policy named p1 exists in the schema named governance.tags.
  • The masking policy named p1 is assigned to the tag named t1 (i.e. tag-based masking policy).
  • The tag named t1 is assigned to a table named finance.accounting.customers.

Previously: 
Snowflake allowed the DROP SCHEMA operation on the schema named governance.tags and the DROP DATABASE operation on the database named governance while that tag named t1 is assigned to the table named finance.accounting.customers.

Currently: 
Snowflake does not allow the DROP SCHEMA operation on the schema named governance.tags and the DROP DATABASE operation on the database named governance while that tag named t1 is assigned to the table named finance.accounting.customers.

Depending on the operation, Snowflake returns one of the following error messages:

  • DROP DATABASE & CREATE OR REPLACE DATABASE:

Cannot drop or replace database because: Tag governance.tags.tag1 used by schema finance.accounting in another database
 

  • DROP SCHEMA & CREATE OR REPLACE SCHEMA:

Cannot drop or replace schema because: Tag governance.tags.tag1 used by another schema finance.accounting
 

Ref: 836

TitleDatabases & Schemas: Dropping or Replacing Not Allowed if Results in Dangling References for Policies and Tags
URL Namedb-schema-drop-replace-dangling-policy-tag-reference
Category 
Sub Category 
Article Record TypeRelease Notes
Powered by