Aggregation Policy is a Snowflake data governance feature that enforces that every aggregation group in a query result contains at least a minimum number of rows (MIN_GROUP_SIZE). It structurally eliminates the risk of inferring individual or small-group data and is available on Enterprise Edition and above.
When you aggregate data with GROUP BY in analytics, if a specific group has only 1-2 rows, the aggregate value can reveal an individual. For example, if the group "region=Hokkaido, age=65+, condition=diabetes" has only one row, the average or sum directly represents that individual's value. Aggregation Policy prevents these Small Group Attacks.
-- Basic Aggregation Policy
CREATE OR REPLACE AGGREGATION POLICY privacy_db.policies.min_group_5
AS () RETURNS AGGREGATION_CONSTRAINT ->
AGGREGATION_CONSTRAINT(MIN_GROUP_SIZE => 5);
-- Conditional policy: vary aggregation constraint by role
CREATE OR REPLACE AGGREGATION POLICY privacy_db.policies.role_based_agg
AS () RETURNS AGGREGATION_CONSTRAINT ->
CASE
WHEN CURRENT_ROLE() IN ('DATA_SCIENTIST', 'ADMIN')
THEN AGGREGATION_CONSTRAINT(MIN_GROUP_SIZE => 0)
WHEN CURRENT_ROLE() = 'ANALYST'
THEN AGGREGATION_CONSTRAINT(MIN_GROUP_SIZE => 5)
ELSE
AGGREGATION_CONSTRAINT(MIN_GROUP_SIZE => 20)
END;The policy body is written as a SQL expression that returns AGGREGATION_CONSTRAINT(MIN_GROUP_SIZE => N). Setting MIN_GROUP_SIZE to 0 disables the aggregation constraint (raw data access becomes possible). By using CURRENT_ROLE() or IS_ROLE_IN_SESSION() inside a CASE expression, you can switch the constraint level per role.
-- Apply Aggregation Policy to a table
ALTER TABLE medical_db.public.patient_records
SET AGGREGATION POLICY privacy_db.policies.min_group_5;
-- Apply with ENTITY KEY (enforce aggregation per entity)
ALTER TABLE medical_db.public.patient_records
SET AGGREGATION POLICY privacy_db.policies.min_group_5
ENTITY KEY (patient_id);
-- Also applicable to views
ALTER VIEW medical_db.public.patient_summary
SET AGGREGATION POLICY privacy_db.policies.min_group_5
ENTITY KEY (patient_id);
-- Unset the policy
ALTER TABLE medical_db.public.patient_records
UNSET AGGREGATION POLICY;When you specify ENTITY KEY, MIN_GROUP_SIZE is evaluated against the "number of unique entities" rather than "row count". For example, with ENTITY KEY (patient_id) and MIN_GROUP_SIZE=5, the query is rejected unless each group contains at least 5 distinct patients. Even if a single patient has multiple rows, what matters is patient count, not row count.
-- Example queries on a policy-applied table
-- MIN_GROUP_SIZE=5 / ENTITY KEY=patient_id
-- OK: succeeds if each region has 5+ patients
SELECT region, AVG(age) AS avg_age, COUNT(*) AS cnt
FROM medical_db.public.patient_records
GROUP BY region;
-- NG: the entire query errors out if any region has fewer than 5 patients
-- Error: Aggregation policy violation
-- Workaround: exclude small groups with HAVING
SELECT region, AVG(age) AS avg_age, COUNT(*) AS cnt
FROM medical_db.public.patient_records
GROUP BY region
HAVING COUNT(DISTINCT patient_id) >= 5;
-- Non-aggregated SELECT * is blocked (when MIN_GROUP_SIZE > 0)
SELECT * FROM medical_db.public.patient_records;
-- Error: Query does not contain an aggregate function| Policy | Protection Target | Scope | Behavior |
|---|---|---|---|
| Aggregation Policy | Granularity of aggregate results | Table / View | Blocks queries that include groups below MIN_GROUP_SIZE |
| Masking Policy | Column values | Column | Replaces values with NULL or a fixed value depending on role |
| Row Access Policy | Row visibility | Table / View | Filters out rows that do not meet the condition |
| Projection Policy | Column projection | Column | Prohibits SELECT on the column for specific roles |
-- List defined policies
SHOW AGGREGATION POLICIES IN SCHEMA privacy_db.policies;
-- Describe a policy
DESCRIBE AGGREGATION POLICY privacy_db.policies.min_group_5;
-- Check where a policy is applied
SELECT *
FROM TABLE(
INFORMATION_SCHEMA.POLICY_REFERENCES(
POLICY_NAME => 'privacy_db.policies.min_group_5'
)
);
-- View all policy references in Account Usage
SELECT policy_name, ref_entity_name, ref_entity_domain
FROM SNOWFLAKE.ACCOUNT_USAGE.POLICY_REFERENCES
WHERE policy_kind = 'AGGREGATION_POLICY';
-- Drop a policy (must be unset from objects first)
DROP AGGREGATION POLICY privacy_db.policies.min_group_5;| Operation | Required Privileges |
|---|---|
| CREATE AGGREGATION POLICY | CREATE AGGREGATION POLICY on the schema |
| ALTER TABLE SET AGGREGATION POLICY | OWNERSHIP on the table + APPLY on the policy |
| DROP AGGREGATION POLICY | OWNERSHIP on the policy |
Data Governance
問題 1
A medical data table has an Aggregation Policy applied with ENTITY KEY (patient_id) and MIN_GROUP_SIZE=5. What is the correct result when the following query is executed? SELECT region, AVG(blood_pressure) FROM patients GROUP BY region; Assume the region='Hokkaido' group contains only 3 distinct patient_id values.
正解: C
Under an Aggregation Policy, if any GROUP BY group falls below MIN_GROUP_SIZE, the entire query errors out. Since Hokkaido has only 3 distinct patient_id values (below MIN_GROUP_SIZE=5), the entire query, including other regions, is rejected. There is no automatic small-group exclusion or noise injection. Adding HAVING COUNT(DISTINCT patient_id) >= 5 lets you exclude small groups and run the query.
What value should I use for MIN_GROUP_SIZE in an Aggregation Policy?
A minimum of 5 is recommended to mitigate statistical re-identification risk. Under regulatory regimes such as GDPR or HIPAA, MIN_GROUP_SIZE is sometimes set between 10 and 20. Higher values restrict the granularity of returned results, so balance analytical needs against privacy requirements. After configuration, verify behavior using test queries with IS_AGGREGATION_POLICY_MET().
What is the difference between Aggregation Policy and Dynamic Data Masking Policy?
Masking Policy hides or transforms individual column values per role, replacing them with NULL or fixed strings at SELECT time. In contrast, Aggregation Policy enforces sufficient aggregation of query results, blocking the entire query if any GROUP BY group falls below the specified row count. Masking Policy controls 'who sees what', while Aggregation Policy controls 'at what granularity aggregate results are returned'. The two can be combined.
What happens to a non-compliant query on a table with an Aggregation Policy applied?
If any GROUP BY group contains fewer rows than MIN_GROUP_SIZE, the entire query errors out and no results are returned. The error message includes 'Aggregation policy violation'. Adding HAVING COUNT(*) >= <MIN_GROUP_SIZE> excludes small groups and lets the query pass. Policy violation audit logs are available in the ACCOUNT_USAGE.POLICY_REFERENCES view.
Practice with certification-focused question sets
無料で問題を解いてみるNicheeLab Editorial Team
NicheeLab editorial team focused on data engineering and cloud certification learning. Content is structured around practical study needs and official exam domains.
Snowflake Certifications: All 11 Exams Explained (2026)
Every SnowPro certification — Associate, Core, Specialty, Ad...
Snowflake Exam Difficulty Ranking: All 11 Certs Compared (2026)
All 11 SnowPro exams ranked by difficulty with study-time es...
Snowflake Study Guide: Fastest Pass Route by Exam (2026)
How to pass SnowPro certifications efficiently — official ma...
SnowPro Core (COF-C03): Complete Exam Guide (2026)
Pass the SnowPro Core exam — six domains, scope, sample ques...
SnowPro Associate Platform (SOL-C01): Complete Guide (2026)
The entry-level SnowPro Associate exam — scope, weighting, s...