Skip to content

Advanced Snowflake Connection Properties

Various advanced properties can be specified in the Snowflake connection itself. These properties apply to the individual Snowflake connection. They have all been described earlier on this page but are listed here for convenience.

  • okera.policy_sync.enabled: Identifies the type of policy enforcement used for the Snowflake connection. Valid values are true (policy synchronization is used) or false (BI Gateway enforcement is used). See Select Use of the BI Gateway Enforcement Mechanism and Select Use of the Policy Synchronization Enforcement Mechanism.

  • okera.policy_sync.scheduled: Indicates whether automatic policy synchronization occurs for a Snowflake connection. Valid values are true (enable automatic synchronization) and false (disable automatic synchronization). See Control Automatic Synchronization.

  • okera.policy_sync.user_allowed_list: Okera UI users should not use this advanced property. Instead, use the Synchronize permissions for all Snowflake users checkbox and the Synchronize permissions for specific Snowflake users entry box on the Create new Snowflake connection dialog to specify a comma-separated list of Snowflake users (with no spaces) or a Snowflake tag with an on or off value. You cannot specify both a tag and list of user names in a single connection. See Permission synchronization.

    However, if you use the API to create a Snowflake connection, you can use this property to specify the Snowflake users or tag for which policy synchronization should occur. Valid values for this parameter are either a comma-separated list of Snowflake users (with no spaces) or a Snowflake tag with an on or off tag value.

    Only one tag can be specified per connection. The syntax for specifying a tag name is tag:<tag-name>:<on or off>. For example, tag:OKERA_UDFS.PUBLIC.OKERA_POLICY_SYNC_TAG:on. To learn how to set up tags for Snowflake users, see Tag Users in Snowflake.

    Policies are synced for Snowflake users with the specified usernames or with the Snowflake tag on or off as specified. If no list or tag is specified, all Snowflake users are synced. See Limit Synchronized Users.

  • okera.policy_sync.audit_logs: Indicates whether the Snowflake compliance history is logged in Okera's audit logs. Valid values are true (log the compliance history) and false (do not log the compliance history). See Audit Log Processing.