SessionPolicy

Snowflake v2.15.0, May 9 26

Viewing docs for Snowflake v2.15.0
published on Saturday, May 9, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-snowflake

Viewing docs for Snowflake v2.15.0
published on Saturday, May 9, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-snowflake

!> Caution: Preview Feature This feature is considered a preview feature in the provider, regardless of the state of the resource in Snowflake. We do not guarantee its stability. It will be reworked and marked as a stable feature in future releases. Breaking changes are expected, even without bumping the major version. To use this feature, add the relevant feature name to previewFeaturesEnabled field in the provider configuration. Please always refer to the Getting Help section in our Github repo to best determine how to get help for your questions.

Resource used to manage session policy objects. For more information, check session policy documentation.

Example Usage

Note Instead of using fully_qualified_name, you can reference objects managed outside Terraform by constructing a correct ID, consult identifiers guide.

import * as pulumi from "@pulumi/pulumi";
import * as snowflake from "@pulumi/snowflake";

//# Minimal
const basic = new snowflake.SessionPolicy("basic", {
    database: "database_name",
    schema: "schema_name",
    name: "session_policy_name",
});
//# Complete (with every optional set)
const complete = new snowflake.SessionPolicy("complete", {
    database: "database_name",
    schema: "schema_name",
    name: "session_policy_name",
    sessionIdleTimeoutMins: 60,
    sessionUiIdleTimeoutMins: 60,
    allowedSecondaryRoles: {
        roles: [
            "ROLE_A",
            "ROLE_B",
        ],
    },
    blockedSecondaryRoles: {
        roles: [
            "ROLE_C",
            "ROLE_D",
        ],
    },
    comment: "My session policy",
});
//# Secondary roles using all / none
const secondaryRolesAllNone = new snowflake.SessionPolicy("secondary_roles_all_none", {
    database: "database_name",
    schema: "schema_name",
    name: "session_policy_name",
    allowedSecondaryRoles: {
        all: true,
    },
    blockedSecondaryRoles: {
        none: true,
    },
});

import pulumi
import pulumi_snowflake as snowflake

## Minimal
basic = snowflake.SessionPolicy("basic",
    database="database_name",
    schema="schema_name",
    name="session_policy_name")
## Complete (with every optional set)
complete = snowflake.SessionPolicy("complete",
    database="database_name",
    schema="schema_name",
    name="session_policy_name",
    session_idle_timeout_mins=60,
    session_ui_idle_timeout_mins=60,
    allowed_secondary_roles={
        "roles": [
            "ROLE_A",
            "ROLE_B",
        ],
    },
    blocked_secondary_roles={
        "roles": [
            "ROLE_C",
            "ROLE_D",
        ],
    },
    comment="My session policy")
## Secondary roles using all / none
secondary_roles_all_none = snowflake.SessionPolicy("secondary_roles_all_none",
    database="database_name",
    schema="schema_name",
    name="session_policy_name",
    allowed_secondary_roles={
        "all": True,
    },
    blocked_secondary_roles={
        "none": True,
    })

package main

import (
	"github.com/pulumi/pulumi-snowflake/sdk/v2/go/snowflake"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// # Minimal
		_, err := snowflake.NewSessionPolicy(ctx, "basic", &snowflake.SessionPolicyArgs{
			Database: pulumi.String("database_name"),
			Schema:   pulumi.String("schema_name"),
			Name:     pulumi.String("session_policy_name"),
		})
		if err != nil {
			return err
		}
		// # Complete (with every optional set)
		_, err = snowflake.NewSessionPolicy(ctx, "complete", &snowflake.SessionPolicyArgs{
			Database:                 pulumi.String("database_name"),
			Schema:                   pulumi.String("schema_name"),
			Name:                     pulumi.String("session_policy_name"),
			SessionIdleTimeoutMins:   pulumi.Int(60),
			SessionUiIdleTimeoutMins: pulumi.Int(60),
			AllowedSecondaryRoles: &snowflake.SessionPolicyAllowedSecondaryRolesArgs{
				Roles: pulumi.StringArray{
					pulumi.String("ROLE_A"),
					pulumi.String("ROLE_B"),
				},
			},
			BlockedSecondaryRoles: &snowflake.SessionPolicyBlockedSecondaryRolesArgs{
				Roles: pulumi.StringArray{
					pulumi.String("ROLE_C"),
					pulumi.String("ROLE_D"),
				},
			},
			Comment: pulumi.String("My session policy"),
		})
		if err != nil {
			return err
		}
		// # Secondary roles using all / none
		_, err = snowflake.NewSessionPolicy(ctx, "secondary_roles_all_none", &snowflake.SessionPolicyArgs{
			Database: pulumi.String("database_name"),
			Schema:   pulumi.String("schema_name"),
			Name:     pulumi.String("session_policy_name"),
			AllowedSecondaryRoles: &snowflake.SessionPolicyAllowedSecondaryRolesArgs{
				All: pulumi.Bool(true),
			},
			BlockedSecondaryRoles: &snowflake.SessionPolicyBlockedSecondaryRolesArgs{
				None: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Snowflake = Pulumi.Snowflake;

return await Deployment.RunAsync(() => 
{
    //# Minimal
    var basic = new Snowflake.SessionPolicy("basic", new()
    {
        Database = "database_name",
        Schema = "schema_name",
        Name = "session_policy_name",
    });

    //# Complete (with every optional set)
    var complete = new Snowflake.SessionPolicy("complete", new()
    {
        Database = "database_name",
        Schema = "schema_name",
        Name = "session_policy_name",
        SessionIdleTimeoutMins = 60,
        SessionUiIdleTimeoutMins = 60,
        AllowedSecondaryRoles = new Snowflake.Inputs.SessionPolicyAllowedSecondaryRolesArgs
        {
            Roles = new[]
            {
                "ROLE_A",
                "ROLE_B",
            },
        },
        BlockedSecondaryRoles = new Snowflake.Inputs.SessionPolicyBlockedSecondaryRolesArgs
        {
            Roles = new[]
            {
                "ROLE_C",
                "ROLE_D",
            },
        },
        Comment = "My session policy",
    });

    //# Secondary roles using all / none
    var secondaryRolesAllNone = new Snowflake.SessionPolicy("secondary_roles_all_none", new()
    {
        Database = "database_name",
        Schema = "schema_name",
        Name = "session_policy_name",
        AllowedSecondaryRoles = new Snowflake.Inputs.SessionPolicyAllowedSecondaryRolesArgs
        {
            All = true,
        },
        BlockedSecondaryRoles = new Snowflake.Inputs.SessionPolicyBlockedSecondaryRolesArgs
        {
            None = true,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.snowflake.SessionPolicy;
import com.pulumi.snowflake.SessionPolicyArgs;
import com.pulumi.snowflake.inputs.SessionPolicyAllowedSecondaryRolesArgs;
import com.pulumi.snowflake.inputs.SessionPolicyBlockedSecondaryRolesArgs;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        //# Minimal
        var basic = new SessionPolicy("basic", SessionPolicyArgs.builder()
            .database("database_name")
            .schema("schema_name")
            .name("session_policy_name")
            .build());

        //# Complete (with every optional set)
        var complete = new SessionPolicy("complete", SessionPolicyArgs.builder()
            .database("database_name")
            .schema("schema_name")
            .name("session_policy_name")
            .sessionIdleTimeoutMins(60)
            .sessionUiIdleTimeoutMins(60)
            .allowedSecondaryRoles(SessionPolicyAllowedSecondaryRolesArgs.builder()
                .roles(                
                    "ROLE_A",
                    "ROLE_B")
                .build())
            .blockedSecondaryRoles(SessionPolicyBlockedSecondaryRolesArgs.builder()
                .roles(                
                    "ROLE_C",
                    "ROLE_D")
                .build())
            .comment("My session policy")
            .build());

        //# Secondary roles using all / none
        var secondaryRolesAllNone = new SessionPolicy("secondaryRolesAllNone", SessionPolicyArgs.builder()
            .database("database_name")
            .schema("schema_name")
            .name("session_policy_name")
            .allowedSecondaryRoles(SessionPolicyAllowedSecondaryRolesArgs.builder()
                .all(true)
                .build())
            .blockedSecondaryRoles(SessionPolicyBlockedSecondaryRolesArgs.builder()
                .none(true)
                .build())
            .build());

    }
}

resources:
  ## Minimal
  basic:
    type: snowflake:SessionPolicy
    properties:
      database: database_name
      schema: schema_name
      name: session_policy_name
  ## Complete (with every optional set)
  complete:
    type: snowflake:SessionPolicy
    properties:
      database: database_name
      schema: schema_name
      name: session_policy_name
      sessionIdleTimeoutMins: 60
      sessionUiIdleTimeoutMins: 60
      allowedSecondaryRoles:
        roles:
          - ROLE_A
          - ROLE_B
      blockedSecondaryRoles:
        roles:
          - ROLE_C
          - ROLE_D
      comment: My session policy
  ## Secondary roles using all / none
  secondaryRolesAllNone:
    type: snowflake:SessionPolicy
    name: secondary_roles_all_none
    properties:
      database: database_name
      schema: schema_name
      name: session_policy_name
      allowedSecondaryRoles:
        all: true
      blockedSecondaryRoles:
        none: true

Example coming soon!

Note If a field has a default value, it is shown next to the type in the schema.

Create SessionPolicy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SessionPolicy(name: string, args: SessionPolicyArgs, opts?: CustomResourceOptions);

@overload
def SessionPolicy(resource_name: str,
                  args: SessionPolicyArgs,
                  opts: Optional[ResourceOptions] = None)

@overload
def SessionPolicy(resource_name: str,
                  opts: Optional[ResourceOptions] = None,
                  database: Optional[str] = None,
                  schema: Optional[str] = None,
                  allowed_secondary_roles: Optional[SessionPolicyAllowedSecondaryRolesArgs] = None,
                  blocked_secondary_roles: Optional[SessionPolicyBlockedSecondaryRolesArgs] = None,
                  comment: Optional[str] = None,
                  name: Optional[str] = None,
                  session_idle_timeout_mins: Optional[int] = None,
                  session_ui_idle_timeout_mins: Optional[int] = None)

func NewSessionPolicy(ctx *Context, name string, args SessionPolicyArgs, opts ...ResourceOption) (*SessionPolicy, error)

public SessionPolicy(string name, SessionPolicyArgs args, CustomResourceOptions? opts = null)

public SessionPolicy(String name, SessionPolicyArgs args)
public SessionPolicy(String name, SessionPolicyArgs args, CustomResourceOptions options)

type: snowflake:SessionPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

resource "snowflake_sessionpolicy" "name" {
    # resource properties
}

Parameters

name string: The unique name of the resource.
args SessionPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SessionPolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SessionPolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SessionPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SessionPolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var sessionPolicyResource = new Snowflake.SessionPolicy("sessionPolicyResource", new()
{
    Database = "string",
    Schema = "string",
    AllowedSecondaryRoles = new Snowflake.Inputs.SessionPolicyAllowedSecondaryRolesArgs
    {
        All = false,
        None = false,
        Roles = new[]
        {
            "string",
        },
    },
    BlockedSecondaryRoles = new Snowflake.Inputs.SessionPolicyBlockedSecondaryRolesArgs
    {
        All = false,
        None = false,
        Roles = new[]
        {
            "string",
        },
    },
    Comment = "string",
    Name = "string",
    SessionIdleTimeoutMins = 0,
    SessionUiIdleTimeoutMins = 0,
});

example, err := snowflake.NewSessionPolicy(ctx, "sessionPolicyResource", &snowflake.SessionPolicyArgs{
	Database: pulumi.String("string"),
	Schema:   pulumi.String("string"),
	AllowedSecondaryRoles: &snowflake.SessionPolicyAllowedSecondaryRolesArgs{
		All:  pulumi.Bool(false),
		None: pulumi.Bool(false),
		Roles: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	BlockedSecondaryRoles: &snowflake.SessionPolicyBlockedSecondaryRolesArgs{
		All:  pulumi.Bool(false),
		None: pulumi.Bool(false),
		Roles: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	Comment:                  pulumi.String("string"),
	Name:                     pulumi.String("string"),
	SessionIdleTimeoutMins:   pulumi.Int(0),
	SessionUiIdleTimeoutMins: pulumi.Int(0),
})

resource "snowflake_sessionpolicy" "sessionPolicyResource" {
  database = "string"
  schema   = "string"
  allowed_secondary_roles = {
    all   = false
    none  = false
    roles = ["string"]
  }
  blocked_secondary_roles = {
    all   = false
    none  = false
    roles = ["string"]
  }
  comment                      = "string"
  name                         = "string"
  session_idle_timeout_mins    = 0
  session_ui_idle_timeout_mins = 0
}

var sessionPolicyResource = new SessionPolicy("sessionPolicyResource", SessionPolicyArgs.builder()
    .database("string")
    .schema("string")
    .allowedSecondaryRoles(SessionPolicyAllowedSecondaryRolesArgs.builder()
        .all(false)
        .none(false)
        .roles("string")
        .build())
    .blockedSecondaryRoles(SessionPolicyBlockedSecondaryRolesArgs.builder()
        .all(false)
        .none(false)
        .roles("string")
        .build())
    .comment("string")
    .name("string")
    .sessionIdleTimeoutMins(0)
    .sessionUiIdleTimeoutMins(0)
    .build());

session_policy_resource = snowflake.SessionPolicy("sessionPolicyResource",
    database="string",
    schema="string",
    allowed_secondary_roles={
        "all": False,
        "none": False,
        "roles": ["string"],
    },
    blocked_secondary_roles={
        "all": False,
        "none": False,
        "roles": ["string"],
    },
    comment="string",
    name="string",
    session_idle_timeout_mins=0,
    session_ui_idle_timeout_mins=0)

const sessionPolicyResource = new snowflake.SessionPolicy("sessionPolicyResource", {
    database: "string",
    schema: "string",
    allowedSecondaryRoles: {
        all: false,
        none: false,
        roles: ["string"],
    },
    blockedSecondaryRoles: {
        all: false,
        none: false,
        roles: ["string"],
    },
    comment: "string",
    name: "string",
    sessionIdleTimeoutMins: 0,
    sessionUiIdleTimeoutMins: 0,
});

type: snowflake:SessionPolicy
properties:
    allowedSecondaryRoles:
        all: false
        none: false
        roles:
            - string
    blockedSecondaryRoles:
        all: false
        none: false
        roles:
            - string
    comment: string
    database: string
    name: string
    schema: string
    sessionIdleTimeoutMins: 0
    sessionUiIdleTimeoutMins: 0

SessionPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SessionPolicy resource accepts the following input properties:

Database string: The database in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
Schema string: The schema in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
AllowedSecondaryRoles SessionPolicyAllowedSecondaryRoles: Specifies the allowed secondary roles for a session policy, if any.
BlockedSecondaryRoles SessionPolicyBlockedSecondaryRoles: Specifies the blocked secondary roles for a session policy, if any. Blocked secondary roles take precedence over allowed secondary roles.
Comment string: Specifies a comment for the session policy.
Name string: Specifies the identifier for the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
SessionIdleTimeoutMins int: For Snowflake clients and programmatic clients, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.
SessionUiIdleTimeoutMins int: For Snowsight, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.

Database string: The database in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
Schema string: The schema in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
AllowedSecondaryRoles SessionPolicyAllowedSecondaryRolesArgs: Specifies the allowed secondary roles for a session policy, if any.
BlockedSecondaryRoles SessionPolicyBlockedSecondaryRolesArgs: Specifies the blocked secondary roles for a session policy, if any. Blocked secondary roles take precedence over allowed secondary roles.
Comment string: Specifies a comment for the session policy.
Name string: Specifies the identifier for the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
SessionIdleTimeoutMins int: For Snowflake clients and programmatic clients, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.
SessionUiIdleTimeoutMins int: For Snowsight, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.

database string: The database in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
schema string: The schema in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
allowed_secondary_roles object: Specifies the allowed secondary roles for a session policy, if any.
blocked_secondary_roles object: Specifies the blocked secondary roles for a session policy, if any. Blocked secondary roles take precedence over allowed secondary roles.
comment string: Specifies a comment for the session policy.
name string: Specifies the identifier for the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
session_idle_timeout_mins number: For Snowflake clients and programmatic clients, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.
session_ui_idle_timeout_mins number: For Snowsight, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.

database String: The database in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
schema String: The schema in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
allowedSecondaryRoles SessionPolicyAllowedSecondaryRoles: Specifies the allowed secondary roles for a session policy, if any.
blockedSecondaryRoles SessionPolicyBlockedSecondaryRoles: Specifies the blocked secondary roles for a session policy, if any. Blocked secondary roles take precedence over allowed secondary roles.
comment String: Specifies a comment for the session policy.
name String: Specifies the identifier for the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
sessionIdleTimeoutMins Integer: For Snowflake clients and programmatic clients, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.
sessionUiIdleTimeoutMins Integer: For Snowsight, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.

database string: The database in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
schema string: The schema in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
allowedSecondaryRoles SessionPolicyAllowedSecondaryRoles: Specifies the allowed secondary roles for a session policy, if any.
blockedSecondaryRoles SessionPolicyBlockedSecondaryRoles: Specifies the blocked secondary roles for a session policy, if any. Blocked secondary roles take precedence over allowed secondary roles.
comment string: Specifies a comment for the session policy.
name string: Specifies the identifier for the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
sessionIdleTimeoutMins number: For Snowflake clients and programmatic clients, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.
sessionUiIdleTimeoutMins number: For Snowsight, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.

database str: The database in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
schema str: The schema in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
allowed_secondary_roles SessionPolicyAllowedSecondaryRolesArgs: Specifies the allowed secondary roles for a session policy, if any.
blocked_secondary_roles SessionPolicyBlockedSecondaryRolesArgs: Specifies the blocked secondary roles for a session policy, if any. Blocked secondary roles take precedence over allowed secondary roles.
comment str: Specifies a comment for the session policy.
name str: Specifies the identifier for the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
session_idle_timeout_mins int: For Snowflake clients and programmatic clients, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.
session_ui_idle_timeout_mins int: For Snowsight, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.

database String: The database in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
schema String: The schema in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
allowedSecondaryRoles Property Map: Specifies the allowed secondary roles for a session policy, if any.
blockedSecondaryRoles Property Map: Specifies the blocked secondary roles for a session policy, if any. Blocked secondary roles take precedence over allowed secondary roles.
comment String: Specifies a comment for the session policy.
name String: Specifies the identifier for the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
sessionIdleTimeoutMins Number: For Snowflake clients and programmatic clients, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.
sessionUiIdleTimeoutMins Number: For Snowsight, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.

Outputs

All input properties are implicitly available as output properties. Additionally, the SessionPolicy resource produces the following output properties:

DescribeOutputs List<SessionPolicyDescribeOutput>: Outputs the result of DESCRIBE SESSION POLICY for this session policy.
FullyQualifiedName string: Fully qualified name of the resource. For more information, see object name resolution.
Id string: The provider-assigned unique ID for this managed resource.
ShowOutputs List<SessionPolicyShowOutput>: Outputs the result of SHOW SESSION POLICIES for this session policy.

DescribeOutputs []SessionPolicyDescribeOutput: Outputs the result of DESCRIBE SESSION POLICY for this session policy.
FullyQualifiedName string: Fully qualified name of the resource. For more information, see object name resolution.
Id string: The provider-assigned unique ID for this managed resource.
ShowOutputs []SessionPolicyShowOutput: Outputs the result of SHOW SESSION POLICIES for this session policy.

describe_outputs list(object): Outputs the result of DESCRIBE SESSION POLICY for this session policy.
fully_qualified_name string: Fully qualified name of the resource. For more information, see object name resolution.
id string: The provider-assigned unique ID for this managed resource.
show_outputs list(object): Outputs the result of SHOW SESSION POLICIES for this session policy.

describeOutputs List<SessionPolicyDescribeOutput>: Outputs the result of DESCRIBE SESSION POLICY for this session policy.
fullyQualifiedName String: Fully qualified name of the resource. For more information, see object name resolution.
id String: The provider-assigned unique ID for this managed resource.
showOutputs List<SessionPolicyShowOutput>: Outputs the result of SHOW SESSION POLICIES for this session policy.

describeOutputs SessionPolicyDescribeOutput[]: Outputs the result of DESCRIBE SESSION POLICY for this session policy.
fullyQualifiedName string: Fully qualified name of the resource. For more information, see object name resolution.
id string: The provider-assigned unique ID for this managed resource.
showOutputs SessionPolicyShowOutput[]: Outputs the result of SHOW SESSION POLICIES for this session policy.

describe_outputs Sequence[SessionPolicyDescribeOutput]: Outputs the result of DESCRIBE SESSION POLICY for this session policy.
fully_qualified_name str: Fully qualified name of the resource. For more information, see object name resolution.
id str: The provider-assigned unique ID for this managed resource.
show_outputs Sequence[SessionPolicyShowOutput]: Outputs the result of SHOW SESSION POLICIES for this session policy.

describeOutputs List<Property Map>: Outputs the result of DESCRIBE SESSION POLICY for this session policy.
fullyQualifiedName String: Fully qualified name of the resource. For more information, see object name resolution.
id String: The provider-assigned unique ID for this managed resource.
showOutputs List<Property Map>: Outputs the result of SHOW SESSION POLICIES for this session policy.

Look up Existing SessionPolicy Resource

Get an existing SessionPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SessionPolicyState, opts?: CustomResourceOptions): SessionPolicy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allowed_secondary_roles: Optional[SessionPolicyAllowedSecondaryRolesArgs] = None,
        blocked_secondary_roles: Optional[SessionPolicyBlockedSecondaryRolesArgs] = None,
        comment: Optional[str] = None,
        database: Optional[str] = None,
        describe_outputs: Optional[Sequence[SessionPolicyDescribeOutputArgs]] = None,
        fully_qualified_name: Optional[str] = None,
        name: Optional[str] = None,
        schema: Optional[str] = None,
        session_idle_timeout_mins: Optional[int] = None,
        session_ui_idle_timeout_mins: Optional[int] = None,
        show_outputs: Optional[Sequence[SessionPolicyShowOutputArgs]] = None) -> SessionPolicy

func GetSessionPolicy(ctx *Context, name string, id IDInput, state *SessionPolicyState, opts ...ResourceOption) (*SessionPolicy, error)

public static SessionPolicy Get(string name, Input<string> id, SessionPolicyState? state, CustomResourceOptions? opts = null)

public static SessionPolicy get(String name, Output<String> id, SessionPolicyState state, CustomResourceOptions options)

resources:  _:    type: snowflake:SessionPolicy    get:      id: ${id}

import {
  to = snowflake_sessionpolicy.example
  id = "${id}"
}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AllowedSecondaryRoles SessionPolicyAllowedSecondaryRoles: Specifies the allowed secondary roles for a session policy, if any.
BlockedSecondaryRoles SessionPolicyBlockedSecondaryRoles: Specifies the blocked secondary roles for a session policy, if any. Blocked secondary roles take precedence over allowed secondary roles.
Comment string: Specifies a comment for the session policy.
Database string: The database in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
DescribeOutputs List<SessionPolicyDescribeOutput>: Outputs the result of DESCRIBE SESSION POLICY for this session policy.
FullyQualifiedName string: Fully qualified name of the resource. For more information, see object name resolution.
Name string: Specifies the identifier for the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
Schema string: The schema in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
SessionIdleTimeoutMins int: For Snowflake clients and programmatic clients, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.
SessionUiIdleTimeoutMins int: For Snowsight, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.
ShowOutputs List<SessionPolicyShowOutput>: Outputs the result of SHOW SESSION POLICIES for this session policy.

AllowedSecondaryRoles SessionPolicyAllowedSecondaryRolesArgs: Specifies the allowed secondary roles for a session policy, if any.
BlockedSecondaryRoles SessionPolicyBlockedSecondaryRolesArgs: Specifies the blocked secondary roles for a session policy, if any. Blocked secondary roles take precedence over allowed secondary roles.
Comment string: Specifies a comment for the session policy.
Database string: The database in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
DescribeOutputs []SessionPolicyDescribeOutputArgs: Outputs the result of DESCRIBE SESSION POLICY for this session policy.
FullyQualifiedName string: Fully qualified name of the resource. For more information, see object name resolution.
Name string: Specifies the identifier for the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
Schema string: The schema in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
SessionIdleTimeoutMins int: For Snowflake clients and programmatic clients, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.
SessionUiIdleTimeoutMins int: For Snowsight, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.
ShowOutputs []SessionPolicyShowOutputArgs: Outputs the result of SHOW SESSION POLICIES for this session policy.

allowed_secondary_roles object: Specifies the allowed secondary roles for a session policy, if any.
blocked_secondary_roles object: Specifies the blocked secondary roles for a session policy, if any. Blocked secondary roles take precedence over allowed secondary roles.
comment string: Specifies a comment for the session policy.
database string: The database in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
describe_outputs list(object): Outputs the result of DESCRIBE SESSION POLICY for this session policy.
fully_qualified_name string: Fully qualified name of the resource. For more information, see object name resolution.
name string: Specifies the identifier for the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
schema string: The schema in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
session_idle_timeout_mins number: For Snowflake clients and programmatic clients, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.
session_ui_idle_timeout_mins number: For Snowsight, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.
show_outputs list(object): Outputs the result of SHOW SESSION POLICIES for this session policy.

allowedSecondaryRoles SessionPolicyAllowedSecondaryRoles: Specifies the allowed secondary roles for a session policy, if any.
blockedSecondaryRoles SessionPolicyBlockedSecondaryRoles: Specifies the blocked secondary roles for a session policy, if any. Blocked secondary roles take precedence over allowed secondary roles.
comment String: Specifies a comment for the session policy.
database String: The database in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
describeOutputs List<SessionPolicyDescribeOutput>: Outputs the result of DESCRIBE SESSION POLICY for this session policy.
fullyQualifiedName String: Fully qualified name of the resource. For more information, see object name resolution.
name String: Specifies the identifier for the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
schema String: The schema in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
sessionIdleTimeoutMins Integer: For Snowflake clients and programmatic clients, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.
sessionUiIdleTimeoutMins Integer: For Snowsight, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.
showOutputs List<SessionPolicyShowOutput>: Outputs the result of SHOW SESSION POLICIES for this session policy.

allowedSecondaryRoles SessionPolicyAllowedSecondaryRoles: Specifies the allowed secondary roles for a session policy, if any.
blockedSecondaryRoles SessionPolicyBlockedSecondaryRoles: Specifies the blocked secondary roles for a session policy, if any. Blocked secondary roles take precedence over allowed secondary roles.
comment string: Specifies a comment for the session policy.
database string: The database in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
describeOutputs SessionPolicyDescribeOutput[]: Outputs the result of DESCRIBE SESSION POLICY for this session policy.
fullyQualifiedName string: Fully qualified name of the resource. For more information, see object name resolution.
name string: Specifies the identifier for the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
schema string: The schema in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
sessionIdleTimeoutMins number: For Snowflake clients and programmatic clients, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.
sessionUiIdleTimeoutMins number: For Snowsight, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.
showOutputs SessionPolicyShowOutput[]: Outputs the result of SHOW SESSION POLICIES for this session policy.

allowed_secondary_roles SessionPolicyAllowedSecondaryRolesArgs: Specifies the allowed secondary roles for a session policy, if any.
blocked_secondary_roles SessionPolicyBlockedSecondaryRolesArgs: Specifies the blocked secondary roles for a session policy, if any. Blocked secondary roles take precedence over allowed secondary roles.
comment str: Specifies a comment for the session policy.
database str: The database in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
describe_outputs Sequence[SessionPolicyDescribeOutputArgs]: Outputs the result of DESCRIBE SESSION POLICY for this session policy.
fully_qualified_name str: Fully qualified name of the resource. For more information, see object name resolution.
name str: Specifies the identifier for the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
schema str: The schema in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
session_idle_timeout_mins int: For Snowflake clients and programmatic clients, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.
session_ui_idle_timeout_mins int: For Snowsight, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.
show_outputs Sequence[SessionPolicyShowOutputArgs]: Outputs the result of SHOW SESSION POLICIES for this session policy.

allowedSecondaryRoles Property Map: Specifies the allowed secondary roles for a session policy, if any.
blockedSecondaryRoles Property Map: Specifies the blocked secondary roles for a session policy, if any. Blocked secondary roles take precedence over allowed secondary roles.
comment String: Specifies a comment for the session policy.
database String: The database in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
describeOutputs List<Property Map>: Outputs the result of DESCRIBE SESSION POLICY for this session policy.
fullyQualifiedName String: Fully qualified name of the resource. For more information, see object name resolution.
name String: Specifies the identifier for the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
schema String: The schema in which to create the session policy. Due to technical limitations (read more here), avoid using the following characters: |, ., ".
sessionIdleTimeoutMins Number: For Snowflake clients and programmatic clients, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.
sessionUiIdleTimeoutMins Number: For Snowsight, specifies the number of minutes in which a session can be idle before users must authenticate to Snowflake again.
showOutputs List<Property Map>: Outputs the result of SHOW SESSION POLICIES for this session policy.

Supporting Types

SessionPolicyAllowedSecondaryRoles, SessionPolicyAllowedSecondaryRolesArgs

All bool: When true, allows all secondary roles.
None bool: When true, disallows all secondary roles.
Roles List<string>: Specifies roles to be allowed as secondary roles.

All bool: When true, allows all secondary roles.
None bool: When true, disallows all secondary roles.
Roles []string: Specifies roles to be allowed as secondary roles.

all bool: When true, allows all secondary roles.
none bool: When true, disallows all secondary roles.
roles list(string): Specifies roles to be allowed as secondary roles.

all Boolean: When true, allows all secondary roles.
none Boolean: When true, disallows all secondary roles.
roles List<String>: Specifies roles to be allowed as secondary roles.

all boolean: When true, allows all secondary roles.
none boolean: When true, disallows all secondary roles.
roles string[]: Specifies roles to be allowed as secondary roles.

all bool: When true, allows all secondary roles.
none bool: When true, disallows all secondary roles.
roles Sequence[str]: Specifies roles to be allowed as secondary roles.

all Boolean: When true, allows all secondary roles.
none Boolean: When true, disallows all secondary roles.
roles List<String>: Specifies roles to be allowed as secondary roles.

SessionPolicyBlockedSecondaryRoles, SessionPolicyBlockedSecondaryRolesArgs

All bool: When true, disallows all secondary roles.
None bool: When true, allows all secondary roles.
Roles List<string>: Specifies roles to be blocked as secondary roles.

All bool: When true, disallows all secondary roles.
None bool: When true, allows all secondary roles.
Roles []string: Specifies roles to be blocked as secondary roles.

all bool: When true, disallows all secondary roles.
none bool: When true, allows all secondary roles.
roles list(string): Specifies roles to be blocked as secondary roles.

all Boolean: When true, disallows all secondary roles.
none Boolean: When true, allows all secondary roles.
roles List<String>: Specifies roles to be blocked as secondary roles.

all boolean: When true, disallows all secondary roles.
none boolean: When true, allows all secondary roles.
roles string[]: Specifies roles to be blocked as secondary roles.

all bool: When true, disallows all secondary roles.
none bool: When true, allows all secondary roles.
roles Sequence[str]: Specifies roles to be blocked as secondary roles.

all Boolean: When true, disallows all secondary roles.
none Boolean: When true, allows all secondary roles.
roles List<String>: Specifies roles to be blocked as secondary roles.

SessionPolicyDescribeOutput, SessionPolicyDescribeOutputArgs

AllowedSecondaryRoles List<string>
BlockedSecondaryRoles List<string>
Comment string
Id string
Owner string
OwnerRoleType string
SessionIdleTimeoutMins int
SessionUiIdleTimeoutMins int

AllowedSecondaryRoles []string
BlockedSecondaryRoles []string
Comment string
Id string
Owner string
OwnerRoleType string
SessionIdleTimeoutMins int
SessionUiIdleTimeoutMins int

allowed_secondary_roles list(string)
blocked_secondary_roles list(string)
comment string
id string
owner string
owner_role_type string
session_idle_timeout_mins number
session_ui_idle_timeout_mins number

allowedSecondaryRoles List<String>
blockedSecondaryRoles List<String>
comment String
id String
owner String
ownerRoleType String
sessionIdleTimeoutMins Integer
sessionUiIdleTimeoutMins Integer

allowedSecondaryRoles string[]
blockedSecondaryRoles string[]
comment string
id string
owner string
ownerRoleType string
sessionIdleTimeoutMins number
sessionUiIdleTimeoutMins number

allowed_secondary_roles Sequence[str]
blocked_secondary_roles Sequence[str]
comment str
id str
owner str
owner_role_type str
session_idle_timeout_mins int
session_ui_idle_timeout_mins int

allowedSecondaryRoles List<String>
blockedSecondaryRoles List<String>
comment String
id String
owner String
ownerRoleType String
sessionIdleTimeoutMins Number
sessionUiIdleTimeoutMins Number

SessionPolicyShowOutput, SessionPolicyShowOutputArgs

Comment string
CreatedOn string
DatabaseName string
Kind string
Name string
Options string
Owner string
OwnerRoleType string
SchemaName string

Comment string
CreatedOn string
DatabaseName string
Kind string
Name string
Options string
Owner string
OwnerRoleType string
SchemaName string

comment string
created_on string
database_name string
kind string
name string
options string
owner string
owner_role_type string
schema_name string

comment String
createdOn String
databaseName String
kind String
name String
options String
owner String
ownerRoleType String
schemaName String

comment string
createdOn string
databaseName string
kind string
name string
options string
owner string
ownerRoleType string
schemaName string

comment str
created_on str
database_name str
kind str
name str
options str
owner str
owner_role_type str
schema_name str

comment String
createdOn String
databaseName String
kind String
name String
options String
owner String
ownerRoleType String
schemaName String

Import

$ pulumi import snowflake:index/sessionPolicy:SessionPolicy example '"<database_name>"."<schema_name>"."<session_policy_name>"'

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Snowflake pulumi/pulumi-snowflake
License: Apache-2.0
Notes: This Pulumi package is based on the snowflake Terraform Provider.

Viewing docs for Snowflake v2.15.0
published on Saturday, May 9, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-snowflake

snowflake.SessionPolicy

On this page

On this page

Example Usage

Create SessionPolicy Resource

Constructor syntax

Parameters

Constructor example

SessionPolicy Resource Properties

Inputs

Outputs

Look up Existing SessionPolicy Resource

Supporting Types

SessionPolicyAllowedSecondaryRoles, SessionPolicyAllowedSecondaryRolesArgs

SessionPolicyBlockedSecondaryRoles, SessionPolicyBlockedSecondaryRolesArgs

SessionPolicyDescribeOutput, SessionPolicyDescribeOutputArgs

SessionPolicyShowOutput, SessionPolicyShowOutputArgs

Import

Package Details

On this page

On this page