Working on creating a native application using Snowpark container service. I have created an application package and application.
When I am trying to open the service endpoint – app-url.snowflakecomputing.app it gives the below error –
Access denied. Insufficient privileges to use app-url.
The setup script as follow which creates a compute pool and service.
CREATE APPLICATION ROLE IF NOT EXISTS iqr_user;
CREATE SCHEMA IF NOT EXISTS core;
GRANT USAGE ON SCHEMA core TO APPLICATION ROLE iqr_user;
CREATE OR ALTER VERSIONED SCHEMA app_public;
GRANT USAGE ON SCHEMA app_public TO APPLICATION ROLE iqr_user;
-- Start App
CREATE OR REPLACE PROCEDURE app_public.start_app()
RETURNS string
LANGUAGE sql
AS $$
BEGIN
LET pool_name := (SELECT CURRENT_DATABASE()) || '_compute_pool';
CREATE COMPUTE POOL IF NOT EXISTS IDENTIFIER(:pool_name)
MIN_NODES = 1
MAX_NODES = 1
INSTANCE_FAMILY = CPU_X64_XS
AUTO_RESUME = true;
CREATE SERVICE IF NOT EXISTS core.iqr_service
IN COMPUTE POOL identifier(:pool_name)
FROM SPECIFICATION_FILE='service.yml';
GRANT USAGE ON SERVICE core.iqr_service TO APPLICATION ROLE iqr_user;
RETURN 'Service started. Check status, and when ready, get URL';
END;
$$;
GRANT USAGE ON PROCEDURE app_public.start_app() TO APPLICATION ROLE iqr_user;
What is the missing privilege that needs to be granted in order to fix this?
2
Answers
Found a solution for this. Create a service role in the service.yml file and grant the service role in the setup script to the application role.
There is a default service role available as well.
setup script -
I have the exact same issue. A service I create outside of the app works, but not the one inside the app. Does anybody have a solution for it? Or a way to debug this?