https://marmanold.com/tags/reader-account/Recent content in Reader Account on Marmanold.comHugoen-UShttps://marmanold.com/favicon/favicon-32x32.pnghttps://marmanold.com/michael@rnold.info (Michael W. Arnold)Fri, 28 Feb 2025 15:40:44 -0600https://marmanold.com/tech/error-in-secure-object/Mon, 03 Mar 2025 16:15:05 -0600https://marmanold.com/tech/error-in-secure-object/Michael W. Arnoldsnowflakesecure viewsecure sharereader accounterrorsecure object<p>Recently I&rsquo;ve been working with <a href="https://docs.snowflake.com/en/user-guide/data-sharing-intro">secure data sharing</a> in <a href="https://www.snowflake.com">Snowflake</a>.</p> <p>We&rsquo;ve not yet shared our data using a normal private share to another Snowflake account, but I&rsquo;ve tested everything. Using <code>SIMULATED_DATA_SHARING_CONSUMER</code> and setting the consumer id to my expected account, I was getting data back from the share and everything was working fine.</p> <p>Today, however, we got a request to share our data to a <a href="https://docs.snowflake.com/en/user-guide/data-sharing-reader-create">managed reader account</a>. I created the account, logged in, copied the share into a database, and could see all of my secure views. But, when I went to query the view, some of the views that were previously working, suddenly were not. All I got back was an ominous &ldquo;Error in secure object.&rdquo;</p><p>Recently I&rsquo;ve been working with <a href="https://docs.snowflake.com/en/user-guide/data-sharing-intro">secure data sharing</a> in <a href="https://www.snowflake.com">Snowflake</a>.</p> <p>We&rsquo;ve not yet shared our data using a normal private share to another Snowflake account, but I&rsquo;ve tested everything. Using <code>SIMULATED_DATA_SHARING_CONSUMER</code> and setting the consumer id to my expected account, I was getting data back from the share and everything was working fine.</p> <p>Today, however, we got a request to share our data to a <a href="https://docs.snowflake.com/en/user-guide/data-sharing-reader-create">managed reader account</a>. I created the account, logged in, copied the share into a database, and could see all of my secure views. But, when I went to query the view, some of the views that were previously working, suddenly were not. All I got back was an ominous &ldquo;Error in secure object.&rdquo;</p> <p>My view looked something like the below. It was a simple view, no private functions, and nothing fancy.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-sql" data-lang="sql"><span style="display:flex;"><span><span style="color:#66d9ef">CREATE</span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">OR</span> <span style="color:#66d9ef">REPLACE</span> SECURE <span style="color:#66d9ef">VIEW</span> secure.student <span style="color:#66d9ef">AS</span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">SELECT</span> </span></span><span style="display:flex;"><span> ss.id <span style="color:#66d9ef">AS</span> <span style="color:#e6db74">&#34;student_id&#34;</span>, </span></span><span style="display:flex;"><span> ss.<span style="color:#e6db74">&#34;name&#34;</span> <span style="color:#66d9ef">AS</span> <span style="color:#e6db74">&#34;student_name&#34;</span> </span></span><span style="display:flex;"><span> sv.groups <span style="color:#66d9ef">As</span> <span style="color:#e6db74">&#34;group&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">FROM</span> private.students <span style="color:#66d9ef">AS</span> ss </span></span><span style="display:flex;"><span><span style="color:#66d9ef">INNER</span> <span style="color:#66d9ef">JOIN</span> private.v_student_groups <span style="color:#66d9ef">AS</span> sv <span style="color:#66d9ef">ON</span> </span></span><span style="display:flex;"><span> sv.student_id <span style="color:#f92672">=</span> ss.id </span></span><span style="display:flex;"><span><span style="color:#66d9ef">INNER</span> <span style="color:#66d9ef">JOIN</span> private.sharing_access <span style="color:#66d9ef">AS</span> sa <span style="color:#66d9ef">ON</span> </span></span><span style="display:flex;"><span> sa.school_id <span style="color:#f92672">=</span> ss.school_id </span></span><span style="display:flex;"><span> <span style="color:#66d9ef">AND</span> sa.snowflake_account <span style="color:#f92672">=</span> current_account(); </span></span></code></pre></div><p>After much trial and error, I finally figured out what the issue was. I&rsquo;m not sure if this applies only to managed reader accounts or all shares, but at least in my case there are a few things that just <em>aren&rsquo;t</em> allowed in a Snowflake secure view.</p> <ol> <li><code>ss.&quot;name&quot;</code> had to be changed to <code>ss.name</code>; I.e no quoted column references</li> <li>My join to <code>v_student_groups</code> (a view) had to go.; You can join to tables, but views are out of the question, it would seem.</li> </ol> <p>I didn&rsquo;t see any of this documented anywhere, so I hope this gets indexed and helps the next guy banging his head against this issue.</p> <p>tldr; If you&rsquo;re getting an <code>Error in secure object</code> response when querying a secure view in a Snowflake managed reader account, you need to make some minor changes to the SQL in your views before it&rsquo;ll run.</p>