Snowpark lets you run Python / Java / Scala code directly inside Snowflake, but using external packages requires both dependency declarations and security controls. Use the PACKAGES clause to specify conda-managed packages and the IMPORTS clause to pull custom files from a stage. At the organization level, Packages Policy applies allowlists or blocklists to prevent unauthorized package usage.
When you create a Python UDF or stored procedure, use the PACKAGES clause to specify Anaconda-channel packages. Versions can be pinned to an exact match or specified with a wildcard.
-- Specify packages in a Python UDF
CREATE OR REPLACE FUNCTION predict_churn(
tenure INT, monthly_charges FLOAT
)
RETURNS FLOAT
LANGUAGE PYTHON
RUNTIME_VERSION = '3.11'
PACKAGES = (
'snowflake-snowpark-python',
'scikit-learn==1.4.*',
'pandas>=2.0.0,<3.0.0',
'numpy'
)
HANDLER = 'predict'
AS $
import pandas as pd
from sklearn.ensemble import GradientBoostingClassifier
import numpy as np
def predict(tenure, monthly_charges):
# Model logic
return float(np.random.random())
$;
-- Specify packages in a stored procedure
CREATE OR REPLACE PROCEDURE transform_data(table_name STRING)
RETURNS STRING
LANGUAGE PYTHON
RUNTIME_VERSION = '3.11'
PACKAGES = ('snowflake-snowpark-python', 'pandas')
HANDLER = 'run'
AS $
from snowflake.snowpark import Session
def run(session: Session, table_name: str) -> str:
df = session.table(table_name)
result = df.group_by("category").count()
result.write.save_as_table("aggregated_output", mode="overwrite")
return f"Processed {table_name}"
$;-- List available Python packages
SELECT *
FROM INFORMATION_SCHEMA.PACKAGES
WHERE LANGUAGE = 'python'
ORDER BY PACKAGE_NAME;
-- Check versions of a specific package
SELECT PACKAGE_NAME, VERSION
FROM INFORMATION_SCHEMA.PACKAGES
WHERE LANGUAGE = 'python'
AND PACKAGE_NAME = 'scikit-learn'
ORDER BY VERSION DESC;
-- Available versions of the Snowpark Python SDK
SELECT VERSION
FROM INFORMATION_SCHEMA.PACKAGES
WHERE LANGUAGE = 'python'
AND PACKAGE_NAME = 'snowflake-snowpark-python'
ORDER BY VERSION DESC;For custom packages or trained model files that are not on Anaconda, upload them to a stage and reference them with the IMPORTS clause.
-- Upload a custom wheel file to a stage
PUT file:///tmp/my_custom_lib-1.0-py3-none-any.whl
@ml_stage/libs/
AUTO_COMPRESS = FALSE;
-- Upload a trained model file
PUT file:///tmp/model.joblib
@ml_stage/models/
AUTO_COMPRESS = FALSE;
-- UDF that references custom files via the IMPORTS clause
CREATE OR REPLACE FUNCTION score_customer(features VARIANT)
RETURNS FLOAT
LANGUAGE PYTHON
RUNTIME_VERSION = '3.11'
PACKAGES = ('snowflake-snowpark-python', 'scikit-learn', 'joblib')
IMPORTS = (
'@ml_stage/libs/my_custom_lib-1.0-py3-none-any.whl',
'@ml_stage/models/model.joblib'
)
HANDLER = 'score'
AS $
import sys
import os
import joblib
IMPORT_DIR = sys._xoptions.get("snowflake_import_directory")
model = joblib.load(os.path.join(IMPORT_DIR, "model.joblib"))
def score(features):
return float(model.predict([list(features.values())])[0])
$;You can also dynamically add packages via the Snowpark Python SDK Session.
-- Adding packages to a Snowpark Session
-- session.add_packages('pandas', 'scikit-learn==1.4.0')
-- session.add_import('@stage/model.joblib')
-- session.add_requirements('requirements.txt')
-- Typical usage inside a Notebook or stored procedure:
-- from snowflake.snowpark import Session
-- session = Session.builder.configs(connection_params).create()
-- session.add_packages(['pandas==2.1.0', 'numpy'])
-- df = session.table('my_table').to_pandas()
-- # Processing with pandas / numpy...A Packages Policy is a governance feature that controls which packages can be used at the account or database level. Use allowlists or blocklists to restrict package usage and meet security audit and compliance requirements.
-- ALLOWLIST-style (whitelist) Packages Policy
CREATE PACKAGES POLICY prod_python_policy
LANGUAGE PYTHON
ALLOWLIST = (
'snowflake-snowpark-python',
'pandas',
'numpy',
'scikit-learn',
'joblib',
'xgboost'
)
COMMENT = 'Only approved Python packages may be used in production';
-- BLOCKLIST-style Packages Policy
CREATE PACKAGES POLICY dev_python_policy
LANGUAGE PYTHON
BLOCKLIST = (
'subprocess32',
'os-sys'
)
COMMENT = 'Dev: block only packages with known security risks';
-- Apply the policy at the account level
ALTER ACCOUNT SET PACKAGES POLICY prod_python_policy;
-- Apply the policy at the database level
ALTER DATABASE analytics SET PACKAGES POLICY dev_python_policy;
-- Inspect the policy
SHOW PACKAGES POLICIES;
-- Detach the policy
ALTER ACCOUNT UNSET PACKAGES POLICY;| Environment | Recommended Approach | Design Rationale |
|---|---|---|
| Production | ALLOWLIST | Only validated packages are allowed; new additions go through an approval workflow |
| Staging | ALLOWLIST (slightly relaxed) | Trial-allow candidate packages destined for production |
| Development | BLOCKLIST | Block only risky packages and keep developer freedom |
| Sandbox | No policy | Unrestricted for experimentation |
If you don't specify a version in the PACKAGES clause, Snowflake automatically picks the latest compatible version. In production UDFs, always pin at least the major and minor version to guarantee reproducibility.
-- Recommended exact-pin pattern
PACKAGES = (
'pandas==2.1.4',
'scikit-learn==1.4.2',
'numpy==1.26.4'
)
-- Wildcard (pin down to the minor version)
PACKAGES = (
'pandas==2.1.*'
)
-- Range specifier
PACKAGES = (
'pandas>=2.0.0,<3.0.0'
)SnowPro
問題 1
The security team wants Snowpark Python UDFs in production to use only packages from a pre-approved list. Which is the best approach?
正解: B
The ALLOWLIST mode of a Packages Policy is the proper mechanism for restricting UDFs and stored procedures to approved packages only. Verbal guidance is not enforceable, Network Policy is not designed to control the Anaconda repository, and revoking UDF creation privileges is overly restrictive.
Which repository are Snowpark Python packages pulled from?
Snowflake hosts a curated set of packages from the Anaconda (conda-forge) channel. Direct installation from pip (PyPI) is not supported. To use a package that is not on the Anaconda channel, upload a wheel file to a stage and reference it through the IMPORTS clause. You can browse the available packages via the INFORMATION_SCHEMA.PACKAGES view.
When should I use ALLOWLIST vs BLOCKLIST in a Packages Policy?
ALLOWLIST is a whitelist approach that only permits the explicitly listed packages. BLOCKLIST is a blacklist approach that blocks specific packages and allows everything else. Production environments with strict security requirements typically use ALLOWLIST, while development environments commonly use BLOCKLIST to block only packages with known issues.
Does a Packages Policy apply to stored procedures too, not just UDFs?
Yes. A Packages Policy applies to Python UDFs, Python UDTFs, Python stored procedures, and Snowpark DataFrame Session.add_packages() calls. Policies can be set at the account or database level, providing unified package governance across every Snowpark runtime.
Practice with certification-focused question sets
無料で問題を解いてみるNicheeLab Editorial Team
NicheeLab editorial team focused on data engineering and cloud certification learning. Content is structured around practical study needs and official exam domains.
Snowflake Certifications: All 11 Exams Explained (2026)
Every SnowPro certification — Associate, Core, Specialty, Ad...
Snowflake Exam Difficulty Ranking: All 11 Certs Compared (2026)
All 11 SnowPro exams ranked by difficulty with study-time es...
Snowflake Study Guide: Fastest Pass Route by Exam (2026)
How to pass SnowPro certifications efficiently — official ma...
SnowPro Core (COF-C03): Complete Exam Guide (2026)
Pass the SnowPro Core exam — six domains, scope, sample ques...
SnowPro Associate Platform (SOL-C01): Complete Guide (2026)
The entry-level SnowPro Associate exam — scope, weighting, s...