Snowflake: Can we create a secure view for sharing via Secure share over a table that also has row access policy enabled?

Question

I have a table in my snowflake account with row access policy enabled to restrict access based on let's say 'region'.

Now , if i want to share this table to a reader account , how can I achieve that ? I tried creating a secure view following the doc - https://docs.snowflake.com/en/user-guide/data-sharing-secure-views.html#sample-setup-and-tasks

However, when I select rows on the secure view via reader account, I do not see any rows though I added an entry for sharing_access.

When I tried the same with a table without row access policy , it works fine.

So was wondering if there is any limitation/restriction of using row access policy with secure shares ?

Answer 1

If you are asking whether you can share a secure view that references a table that has row access policies, the answer is yes. However, the row access policy must include an INVOKER_SHARE type of reference in order for the consumer to see any data. If your current row access policy only includes provider roles, then the consumer will not see any data.

Here is a brief reference in the documentation:

https://docs.snowflake.com/en/user-guide/security-row-intro.html#data-sharing

Answer 2

Data sharing consumers cannot apply a row access policy to a shared table or view. As a workaround, import the shared table or view and then apply the row access policy to a local view that queries the shared table or view.