Snowflake Native Apps is a framework for building and packaging applications on Snowflake and distributing them to other Snowflake accounts via the Marketplace. It enables the integrated distribution of "data + code + UI" — something that traditional Secure Data Sharing could not achieve.
This article systematically explains the structure of an Application Package, the Provider/Consumer role model, Streamlit UI integration, the security model, and the Marketplace distribution flow.
The Snowflake Native Apps Framework is a platform where Providers package applications developed on Snowflake as Application Packages and distribute them to Consumer accounts via the Marketplace or direct sharing. The defining feature is that applications run inside the Consumer's account without moving data.
The objects that can be included in a Native App are:
The Provider is the application developer, who creates an Application Package and defines the code, data, and privilege configuration.
-- Application Packageの作成
CREATE APPLICATION PACKAGE my_analytics_app;
-- ステージにファイルをアップロード
PUT file://manifest.yml @my_analytics_app.stage_content;
PUT file://setup.sql @my_analytics_app.stage_content;
PUT file://streamlit_app.py @my_analytics_app.stage_content;
-- バージョンの追加
ALTER APPLICATION PACKAGE my_analytics_app
ADD VERSION v1_0
USING '@my_analytics_app.stage_content';The Consumer is the side that installs and uses the Native App. The application runs as an Application Object inside the Consumer's account, with code executing on the Consumer's warehouse.
-- Marketplaceまたは直接共有からインストール
CREATE APPLICATION my_installed_app
FROM APPLICATION PACKAGE my_analytics_app
USING VERSION v1_0;
-- アプリが要求する権限をGRANT
GRANT USAGE ON DATABASE my_data TO APPLICATION my_installed_app;
GRANT USAGE ON SCHEMA my_data.public TO APPLICATION my_installed_app;
GRANT SELECT ON ALL TABLES IN SCHEMA my_data.public TO APPLICATION my_installed_app;| Component | File | Role |
|---|---|---|
| Manifest | manifest.yml | Declares app metadata, required privileges, and the setup script path |
| Setup script | setup.sql | SQL that runs automatically at install time, creating schemas, SPs, UDFs, and the Streamlit UI |
| Application files | Inside a Named Stage | Non-SQL resources such as Python scripts, Streamlit apps, and config files |
manifest_version: 1
artifacts:
setup_script: setup.sql
default_streamlit: app_schema.my_streamlit_app
privileges:
- CREATE DATABASE:
description: "分析結果を格納するDBを作成"
- IMPORTED PRIVILEGES ON SNOWFLAKE DB:
description: "ACCOUNT_USAGE参照"-- アプリケーション内スキーマの作成
CREATE SCHEMA IF NOT EXISTS app_schema;
-- Application Roleの定義
CREATE APPLICATION ROLE app_user;
CREATE APPLICATION ROLE app_admin;
-- Streamlit UIの作成
CREATE STREAMLIT app_schema.my_streamlit_app
FROM '/streamlit'
MAIN_FILE = 'app.py';
-- Application Roleへの権限付与
GRANT USAGE ON SCHEMA app_schema TO APPLICATION ROLE app_user;
GRANT USAGE ON STREAMLIT app_schema.my_streamlit_app TO APPLICATION ROLE app_user;Native Apps can embed an interactive web interface built with Streamlit. Consumers access the Streamlit UI from Snowsight, with Snowflake authentication and role-based access control applied automatically. From inside the Streamlit app, you can drive SQL execution, table reads/writes, and chart rendering on Snowflake with Python code.
Native Apps are designed around the principle of least privilege. By default, an application cannot access the Consumer's data — access is only granted when the Consumer explicitly issues GRANT USAGE or REFERENCE_USAGE.
Inside the application, Application Roles are used. The Provider defines Application Roles inside setup.sql, and the Consumer GRANTs the Application Roles of the installed Application Object to their own account roles.
| Listing Type | Pricing | Characteristics |
|---|---|---|
| Free Listing | Free | Anyone can install. Good for lead generation |
| Paid Listing | Usage-based / Monthly | Usage-based billing or monthly subscription |
| Personalized Listing | Custom | Restricted distribution to specific Consumers |
Native Apps internally leverage the Secure Data Sharing mechanism. By configuring a Provider-side database as the Content Schema of an Application Package, the Consumer's application can reference Provider-side data in read-only mode. No physical data copy is created, and storage costs are incurred only on the Provider side.
Native Apps - Security
問題 1
Which of the following correctly describes how a Snowflake Native App accesses the Consumer's tables after installation?
正解: C
Native Apps follow the principle of least privilege and have no access to the Consumer's data by default. Access only becomes possible after the Consumer explicitly executes GRANT USAGE ON DATABASE / SCHEMA or GRANT SELECT. The manifest.yml can declare required privileges, but the Consumer still has to perform the GRANT operations — they are not granted automatically. The Provider's setup.sql cannot reference Consumer-specific object names, so the design relies on the Consumer configuring the mapping via REFERENCE or Configuration.
Try Native Apps practice questions
Prepare for SnowPro exams with our bilingual question bank
Try free questions →What is the difference between Native Apps and Secure Data Sharing?
Secure Data Sharing only shares data in read-only mode, letting Consumer accounts reference the Provider's tables and views. Native Apps, on the other hand, can package and distribute business logic (Stored Procedures and UDFs) and a Streamlit UI in addition to data. In other words, Native Apps is an application distribution platform that delivers 'data + code + UI' as a single bundle. Consumers can use the Provider-supplied logic and UI as-is just by installing the app, whereas Data Sharing requires the Consumer to build the logic separately.
What are the roles of the Setup Script and Manifest in an Application Package?
manifest.yml defines the application's metadata, declaring version info, the setup script path, and required privileges (IMPORTED PRIVILEGES, CREATE DATABASE, etc.). At install time, the Consumer decides whether to GRANT the privileges declared in the manifest. setup.sql is a SQL script that runs automatically during installation, creating the schemas, tables, views, Stored Procedures, UDFs, and Streamlit UI inside the app. Application Roles are also defined in setup.sql and are mapped to Consumer-side roles.
Who pays the compute cost for a Native App?
A Native App is installed inside the Consumer's account and the code runs on the Consumer's virtual warehouse, so the Consumer pays the compute cost. The Provider pays for development and test environments, but does not incur execution costs for Consumers. With a Paid Listing, the Provider can charge application usage fees through the Marketplace. The Provider's data is shared without copying via Secure Data Sharing, so data transfer costs (within the same region) are also minimal.
Practice with certification-focused question sets
無料で問題を解いてみるNicheeLab Editorial Team
NicheeLab editorial team focused on data engineering and cloud certification learning. Content is structured around practical study needs and official exam domains.
Snowflake Certifications: All 11 Exams Explained (2026)
Every SnowPro certification — Associate, Core, Specialty, Ad...
Snowflake Exam Difficulty Ranking: All 11 Certs Compared (2026)
All 11 SnowPro exams ranked by difficulty with study-time es...
Snowflake Study Guide: Fastest Pass Route by Exam (2026)
How to pass SnowPro certifications efficiently — official ma...
SnowPro Core (COF-C03): Complete Exam Guide (2026)
Pass the SnowPro Core exam — six domains, scope, sample ques...
SnowPro Associate Platform (SOL-C01): Complete Guide (2026)
The entry-level SnowPro Associate exam — scope, weighting, s...