{"resources":{"snowflake":{"id":"snowflake","name":"snowflake","fields":{"account":{"name":"account","type":"\u001bsnowflake.account","title":"Snowflake Account","desc":"Examine the Snowflake account and enumerate all top-level objects. Query `users`, `roles`, `databases`, `warehouses`, `stages`, `shares`, `apiIntegrations`, `tags`, `failoverGroups`, and `grants` (account-level privileges). Security controls are accessible through `securityIntegrations`, `passwordPolicies`, `networkPolicies`, `sessionPolicies`, `authenticationPolicies`, `maskingPolicies`, and `secrets`. `resourceMonitors` exposes credit-usage guardrails for warehouses. `accountAdmins` lists users that hold the ACCOUNTADMIN role.","provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true},"apiIntegration":{"name":"apiIntegration","type":"\u001bsnowflake.apiIntegration","title":"Snowflake API Integration","desc":"Examine a Snowflake API integration that provides authentication context for external functions and Git repository integrations. Fields include `name`, `type` (e.g., aws_api_gateway, azure_api_management, google_api_gateway), `category`, `enabled`, `comment`, and `createdAt`. `properties` returns the full DESCRIBE API INTEGRATION output as a key/value map. URL access lists are in `apiAllowedPrefixes` and `apiBlockedPrefixes`. AWS-specific fields include `apiAwsRoleArn` and `apiAwsExternalId`; Azure-specific fields include `azureTenantId` and `azureAdApplicationId`.","provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true},"authenticationPolicy":{"name":"authenticationPolicy","type":"\u001bsnowflake.authenticationPolicy","title":"Snowflake Authentication Policy","desc":"Examine a Snowflake authentication policy that controls which authentication methods, MFA settings, and client types are permitted. Authentication policies attach at the account or user level and are the definitive control for \"is MFA enforced\" and \"is password authentication still allowed\". Fields include `name`, `databaseName`, `schemaName`, `owner`, `ownerRoleType`, `comment`, `createdAt`, and `options`. Computed fields surface the active policy settings: `authenticationMethods` (ALL, SAML, PASSWORD, OAUTH, KEYPAIR), `mfaAuthenticationMethods` (ALL, SAML, PASSWORD), `mfaEnrollment` (REQUIRED or OPTIONAL), `clientTypes` (ALL, SNOWFLAKE_UI, DRIVERS, SNOWSQL), and `securityIntegrations` (names of allowed external auth integrations).","provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true},"currentRole":{"name":"currentRole","type":"\u0007","title":"Current role","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"database":{"name":"database","type":"\u001bsnowflake.database","title":"Snowflake Database","desc":"Examine a Snowflake database. Fields include `name`, `owner`, `origin`, `options`, `retentionTime`, `resourceGroup`, `comment`, `transient`, and timestamps `createdAt` and `droppedAt`. `isDefault` and `isCurrent` reflect session state. `roles` returns database-scoped roles defined within the database.","provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true},"databaseRole":{"name":"databaseRole","type":"\u001bsnowflake.databaseRole","title":"Snowflake Database Role","desc":"Examine a Snowflake database-scoped role that grants least-privilege access within a single database. Fields include `name`, `databaseName`, `owner`, `ownerRoleType`, `comment`, and `createdAt`. Session state is reflected in `isCurrent` and `isInherited`. Hierarchy depth is captured in `grantedToRoles`, `grantedToDatabaseRoles`, and `grantedDatabaseRoles`.","provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true},"failoverGroup":{"name":"failoverGroup","type":"\u001bsnowflake.failoverGroup","title":"Snowflake Failover Group","desc":"Examine a Snowflake failover or replication group that replicates account objects to secondary accounts for disaster recovery. Fields include `name`, `type` (ACCOUNT or BUSINESS_CONTINUITY), `isPrimary`, `primary` (fully-qualified primary group identifier), `owner`, `comment`, and `createdAt`. `objectTypes` and `allowedIntegrationTypes` list what is replicated. `allowedAccounts` names target accounts. `replicationSchedule` holds the cron expression (empty for manual refresh). `secondaryState` and `nextScheduledRefresh` reflect the replica's refresh status. Geography fields include `regionGroup` and `snowflakeRegion`. `databases` and `shares` list the objects currently included in the group.","provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true},"grant":{"name":"grant","type":"\u001bsnowflake.grant","title":"Snowflake Grant","desc":"Examine a single privilege granted on a Snowflake object to a role, user, or share, as returned by SHOW GRANTS. Fields include `privilege` (e.g., USAGE, SELECT, OWNERSHIP), `grantedOn` (object type such as DATABASE or TABLE), `name` (fully qualified object name), `grantedTo` (grantee type: ROLE, USER, SHARE, or DATABASE_ROLE), `granteeName`, `grantOption` (whether the grantee may re-grant), `grantedBy`, and `createdAt`.","provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true},"maskingPolicy":{"name":"maskingPolicy","type":"\u001bsnowflake.maskingPolicy","title":"Snowflake Masking Policy","desc":"Examine a Snowflake masking policy that redacts column values at query time based on the executing role. Fields include `name`, `databaseName`, `schemaName`, `kind`, `owner`, `ownerRoleType`, `comment`, `createdAt`, and `exemptOtherPolicies` (whether this policy is exempt from row-access or other masking policies). Computed fields expose the policy body: `signature` (the input column names and types, e.g., `val:STRING`), `returnType`, and `body` (the SQL CASE expression that defines the masking). `references` lists every table, view, or column where the policy is currently attached.","provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true},"networkPolicy":{"name":"networkPolicy","type":"\u001bsnowflake.networkPolicy","title":"Snowflake Network Policy","desc":"Examine a Snowflake network policy that restricts account or user access by IP address and network rules. Fields include `name`, `comment`, `createdAt`, and summary counts for `entriesInAllowedIpList`, `entriesInBlockedIpList`, `entriesInAllowedNetworkRules`, and `entriesInBlockedNetworkRules`. The actual lists are available via `allowedIpList`, `blockedIpList`, `allowedNetworkRules`, and `blockedNetworkRules`.","provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true},"parameter":{"name":"parameter","type":"\u001bsnowflake.parameter","title":"Snowflake Parameter","desc":"Examine a single Snowflake configuration parameter. Fields include `key` (parameter name), `value` (the effective value), `defaultValue`, `description`, and `level` (the scope at which the value was set — SYSTEM, ACCOUNT, USER, SESSION, or OBJECT).","provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true},"passwordPolicy":{"name":"passwordPolicy","type":"\u001bsnowflake.passwordPolicy","title":"Snowflake Password Policy","desc":"Examine a Snowflake password policy that governs password complexity and rotation for users in the account. Fields include `name`, `databaseName`, `schemaName`, `owner`, `kind`, `comment`, and `createdAt`. Complexity requirements are exposed as computed integers: `passwordMinLength`, `passwordMaxLength`, `passwordMinUpperCaseChars`, `passwordMinLowerCaseChars`, `passwordMinNumericChars`, `passwordMinSpecialChars`, `passwordMinAgeDays`, `passwordMaxAgeDays`, `passwordMaxRetries`, `passwordLockoutTimeMins`, and `passwordHistory`.","provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true},"policyReference":{"name":"policyReference","type":"\u001bsnowflake.policyReference","title":"Snowflake Policy Reference","desc":"Examine a single attachment of a policy (masking, row-access, password, projection, aggregation, or authentication) to an entity. Returned by `snowflake.maskingPolicy.references`. Fields include the policy identity (`policyDatabase`, `policySchema`, `policyName`, `policyKind`), the entity the policy is attached to (`refDatabaseName`, `refSchemaName`, `refEntityName`, `refEntityDomain` — one of ACCOUNT, INTEGRATION, TABLE, TAG, USER, VIEW), and `refColumnName` (the column the policy applies to, for column-level policies). `policyStatus` reflects whether the attachment is active.","is_private":true,"provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true},"procedure":{"name":"procedure","type":"\u001bsnowflake.procedure","title":"Snowflake Procedure","desc":"Examine a Snowflake stored procedure or built-in system procedure. Fields include `name`, `description`, `schemaName`, `catalogName`, `arguments`, and boolean classifiers `isBuiltin`, `isAggregate`, `isAnsi`, `isTableFunction`, `validForClustering`, and `isSecure`. Argument arity is captured in `minNumberOfArguments` and `maxNumberOfArguments`.","provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true},"resourceMonitor":{"name":"resourceMonitor","type":"\u001bsnowflake.resourceMonitor","title":"Snowflake Resource Monitor","desc":"Examine a Snowflake resource monitor that caps credit consumption for one or more warehouses. Fields include `name`, `level` (ACCOUNT or WAREHOUSE), `creditQuota`, `usedCredits`, `remainingCredits`, `frequency` (e.g., DAILY, WEEKLY, MONTHLY, YEARLY, NEVER), `startTime`, `endTime`, `owner`, `comment`, and `createdAt`. `notifyAt` lists the usage percentages that trigger notifications; `suspendAt` and `suspendImmediateAt` give the percentages at which warehouses are suspended (`null` when not configured). `notifyUsers` names the users that receive alerts.","provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true},"role":{"name":"role","type":"\u001bsnowflake.role","title":"Snowflake Role","desc":"Examine a Snowflake role and its privilege graph. Fields include `name`, `owner`, `comment`, and counts for `assignedToUsers`, `grantedToRoles`, and `grantedRoles` (the depth of the role hierarchy). `grants` returns all privileges granted to this role (SHOW GRANTS TO ROLE), and `grantees` returns the users and roles this role has been granted to (SHOW GRANTS OF ROLE).","provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true},"secret":{"name":"secret","type":"\u001bsnowflake.secret","title":"Snowflake Secret","desc":"Examine a Snowflake-managed secret used by external functions, notification integrations, and other Snowflake objects that need to authenticate to external systems. Fields include `name`, `databaseName`, `schemaName`, `owner`, `ownerRoleType`, `comment`, `createdAt`, and `secretType` (PASSWORD, OAUTH2, GENERIC_STRING). `oauthScopes` lists the OAuth scopes granted to the secret. Computed fields fetched on demand via DESCRIBE: `username` (for PASSWORD secrets), `integrationName` (the linked security or API integration), `oauthAccessTokenExpiryTime`, and `oauthRefreshTokenExpiryTime` (rotation deadlines for OAUTH2 secrets).","provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true},"securityIntegration":{"name":"securityIntegration","type":"\u001bsnowflake.securityIntegration","title":"Snowflake Security Integration","desc":"Examine a Snowflake security integration for external authentication or identity federation. Fields include `name`, `type` (e.g., SAML2, OAUTH), `category`, `enabled`, `comment`, and `createdAt`. `properties` returns the full DESCRIBE SECURITY INTEGRATION output as a key/value map. SAML2-specific properties are surfaced as typed fields: `saml2X509Cert`, `saml2Issuer`, `saml2Provider`, `saml2SsoUrl`, `saml2SignRequest`, and `saml2ForceAuthn`.","provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true},"sessionPolicy":{"name":"sessionPolicy","type":"\u001bsnowflake.sessionPolicy","title":"Snowflake Session Policy","desc":"Examine a Snowflake session policy that controls how long sessions may remain idle before termination. Fields include `name`, `databaseName`, `schemaName`, `kind`, `owner`, `ownerRoleType`, `comment`, and `options`. Timeout values are computed integers: `sessionIdleTimeoutMins` (Snowflake default 240) applies to all session types, while `sessionUiIdleTimeoutMins` applies specifically to Snowsight browser sessions.","provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true},"share":{"name":"share","type":"\u001bsnowflake.share","title":"Snowflake Share","desc":"Examine a Snowflake data share, either outbound (shared to other accounts) or inbound (consumed from another account). Fields include `name` (fully qualified for INBOUND, share name for OUTBOUND), `kind` (INBOUND or OUTBOUND), `databaseName`, `owner`, `comment`, `createdAt`, and `to` (the list of target accounts for OUTBOUND shares).","provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true},"stage":{"name":"stage","type":"\u001bsnowflake.stage","title":"Snowflake Stage","desc":"Examine a Snowflake stage used for loading and unloading data. Fields include `name`, `databaseName`, `schemaName`, `owner`, `ownerRoleType`, `type` (INTERNAL or EXTERNAL), `cloud`, `url`, `endpoint`, `storeIntegration`, `comment`, and `createdAt`. Security attributes `hasCredentials` and `hasEncryptionKey` indicate whether credentials or an encryption key are configured. `directoryEnabled` shows whether a directory table is active.","provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true},"tag":{"name":"tag","type":"\u001bsnowflake.tag","title":"Snowflake Tag","desc":"Examine a Snowflake tag used for governance, data classification, and policy attachment. Fields include `name`, `databaseName`, `schemaName`, `owner`, `ownerRoleType`, `comment`, `createdAt`, and `allowedValues` (the list of permitted string values; empty when the tag is unrestricted).","provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true},"user":{"name":"user","type":"\u001bsnowflake.user","title":"Snowflake User","desc":"Examine a Snowflake user account. Fields cover identity (`name`, `email`, `displayName`), authentication state (`hasPassword`, `hasRsaPublicKey`, `extAuthnDuo`), access controls (`disabled`, `mustChangePassword`, `defaultRole`, `defaultWarehouse`), and activity timestamps (`lastSuccessLogin`, `createdAt`, `expiresAt`, `lockedUntil`). `daysSinceLastLogin` is a derived integer (-1 if the user has never logged in). `grants` returns all privileges granted directly to this user. `parameters` lists user-level parameter overrides.","provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true},"view":{"name":"view","type":"\u001bsnowflake.view","title":"Snowflake View","desc":"Examine a Snowflake view or materialized view. Fields include `name`, `kind`, `databaseName`, `schemaName`, `owner`, `ownerRoleType`, `comment`, `text` (the view definition SQL), and `changeTracking`. Security and materialization state are captured in `isSecure` and `isMaterialized`. `reserved` reflects any reserved flag set by Snowflake.","provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true},"warehouse":{"name":"warehouse","type":"\u001bsnowflake.warehouse","title":"Snowflake Warehouse","desc":"Examine a Snowflake virtual warehouse that provides compute resources for query execution. Fields include `name`, `state`, `type`, `size`, `owner`, `comment`, and `createdAt`. Cluster configuration is captured in `minClusterCount`, `maxClusterCount`, `startedClusterCount`, `running`, and `queued`. Utilization percentages are in `available`, `provisioning`, `quiescing`, and `other`. Auto-management is controlled by `autoSuspend` (seconds), `autoResume`, and `scalingPolicy`. Query acceleration is exposed through `enableQueryAcceleration` and `queryAccelerationMaxScaleFactor`. `resourceMonitor` names the monitor governing credit usage.","provider":"go.mondoo.com/mql/v13/providers/snowflake","is_implicit_resource":true}},"title":"Snowflake Data Cloud","desc":"Use this namespace to access all Snowflake resources. Query `snowflake.account` for users, roles, security integrations, password and network policies, warehouses, databases, stages, shares, API integrations, tags, failover groups, and grants. `currentRole` returns the role active for the current session.","min_provider_version":"11.0.0","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.account":{"id":"snowflake.account","name":"snowflake.account","fields":{"accountAdmins":{"name":"accountAdmins","type":"\u0019\u001bsnowflake.user","title":"Users that hold the ACCOUNTADMIN role (directly or indirectly via role grants)","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"accountId":{"name":"accountId","type":"\u0007","title":"Account ID","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"apiIntegrations":{"name":"apiIntegrations","type":"\u0019\u001bsnowflake.apiIntegration","title":"API integrations in the account","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"authenticationPolicies":{"name":"authenticationPolicies","type":"\u0019\u001bsnowflake.authenticationPolicy","title":"Authentication policies in the account","min_provider_version":"13.2.7","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"databases":{"name":"databases","type":"\u0019\u001bsnowflake.database","title":"Databases in the account","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"failoverGroups":{"name":"failoverGroups","type":"\u0019\u001bsnowflake.failoverGroup","title":"Failover/replication groups in the account","min_provider_version":"13.1.1","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"grants":{"name":"grants","type":"\u0019\u001bsnowflake.grant","title":"Account-level grants (privileges granted ON ACCOUNT)","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"maskingPolicies":{"name":"maskingPolicies","type":"\u0019\u001bsnowflake.maskingPolicy","title":"Masking policies in the account (column-level masking for sensitive data)","min_provider_version":"13.2.7","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"networkPolicies":{"name":"networkPolicies","type":"\u0019\u001bsnowflake.networkPolicy","title":"Network policies in the account","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"parameters":{"name":"parameters","type":"\u0019\u001bsnowflake.parameter","title":"Parameters in the account","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"passwordPolicies":{"name":"passwordPolicies","type":"\u0019\u001bsnowflake.passwordPolicy","title":"Password policies in the account","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"procedures":{"name":"procedures","type":"\u0019\u001bsnowflake.procedure","title":"Procedures in the account","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"region":{"name":"region","type":"\u0007","title":"Account region","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"resourceMonitors":{"name":"resourceMonitors","type":"\u0019\u001bsnowflake.resourceMonitor","title":"Resource monitors that govern credit usage for warehouses","min_provider_version":"13.2.7","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"roles":{"name":"roles","type":"\u0019\u001bsnowflake.role","title":"Roles in the account","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"secrets":{"name":"secrets","type":"\u0019\u001bsnowflake.secret","title":"Snowflake-managed secrets in the account","min_provider_version":"13.2.7","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"securityIntegrations":{"name":"securityIntegrations","type":"\u0019\u001bsnowflake.securityIntegration","title":"Security integrations in the account","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"sessionPolicies":{"name":"sessionPolicies","type":"\u0019\u001bsnowflake.sessionPolicy","title":"Session policies in the account","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"shares":{"name":"shares","type":"\u0019\u001bsnowflake.share","title":"Shares in the account (inbound and outbound)","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"stages":{"name":"stages","type":"\u0019\u001bsnowflake.stage","title":"Stages in the account","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"tags":{"name":"tags","type":"\u0019\u001bsnowflake.tag","title":"Tags defined in the account (governance / classification)","min_provider_version":"13.1.1","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"url":{"name":"url","type":"\u0007","title":"Account URL","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"users":{"name":"users","type":"\u0019\u001bsnowflake.user","title":"Users in the account","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"warehouses":{"name":"warehouses","type":"\u0019\u001bsnowflake.warehouse","title":"Warehouses in the account","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake Account","desc":"Examine the Snowflake account and enumerate all top-level objects. Query `users`, `roles`, `databases`, `warehouses`, `stages`, `shares`, `apiIntegrations`, `tags`, `failoverGroups`, and `grants` (account-level privileges). Security controls are accessible through `securityIntegrations`, `passwordPolicies`, `networkPolicies`, `sessionPolicies`, `authenticationPolicies`, `maskingPolicies`, and `secrets`. `resourceMonitors` exposes credit-usage guardrails for warehouses. `accountAdmins` lists users that hold the ACCOUNTADMIN role.","min_provider_version":"11.0.0","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.apiIntegration":{"id":"snowflake.apiIntegration","name":"snowflake.apiIntegration","fields":{"apiAllowedPrefixes":{"name":"apiAllowedPrefixes","type":"\u0019\u0007","title":"List of URL prefixes that calls from Snowflake are restricted to","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"apiAwsExternalId":{"name":"apiAwsExternalId","type":"\u0007","title":"AWS IAM user ARN that Snowflake uses to assume the role (assume-role principal)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"apiAwsRoleArn":{"name":"apiAwsRoleArn","type":"\u0007","title":"AWS IAM role ARN for AWS API Gateway integrations","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"apiBlockedPrefixes":{"name":"apiBlockedPrefixes","type":"\u0019\u0007","title":"List of URL prefixes that calls from Snowflake are blocked from","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"azureAdApplicationId":{"name":"azureAdApplicationId","type":"\u0007","title":"Azure AD application ID (for Azure API Management integrations)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"azureTenantId":{"name":"azureTenantId","type":"\u0007","title":"Azure tenant ID (for Azure API Management integrations)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"category":{"name":"category","type":"\u0007","is_mandatory":true,"title":"Category of the integration (always \"API\")","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Comment for the integration","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"When the integration was created","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether the integration is enabled","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the API integration","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"properties":{"name":"properties","type":"\u001a\u0007\u0007","title":"All properties returned by DESCRIBE API INTEGRATION (e.g., API_AWS_ROLE_ARN, API_ALLOWED_PREFIXES)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"API type (e.g., aws_api_gateway, azure_api_management, google_api_gateway)","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake API Integration","desc":"Examine a Snowflake API integration that provides authentication context for external functions and Git repository integrations. Fields include `name`, `type` (e.g., aws_api_gateway, azure_api_management, google_api_gateway), `category`, `enabled`, `comment`, and `createdAt`. `properties` returns the full DESCRIBE API INTEGRATION output as a key/value map. URL access lists are in `apiAllowedPrefixes` and `apiBlockedPrefixes`. AWS-specific fields include `apiAwsRoleArn` and `apiAwsExternalId`; Azure-specific fields include `azureTenantId` and `azureAdApplicationId`.","min_provider_version":"13.0.7","defaults":"name type enabled","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.authenticationPolicy":{"id":"snowflake.authenticationPolicy","name":"snowflake.authenticationPolicy","fields":{"authenticationMethods":{"name":"authenticationMethods","type":"\u0019\u0007","title":"Permitted authentication methods (one or more of ALL, SAML, PASSWORD, OAUTH, KEYPAIR)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"clientTypes":{"name":"clientTypes","type":"\u0019\u0007","title":"Permitted client types (one or more of ALL, SNOWFLAKE_UI, DRIVERS, SNOWSQL)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Optional comment","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"createdAt":{"name":"createdAt","type":"\u0007","is_mandatory":true,"title":"When the policy was created (Snowflake-formatted string)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"databaseName":{"name":"databaseName","type":"\u0007","is_mandatory":true,"title":"Database that owns the policy","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"mfaAuthenticationMethods":{"name":"mfaAuthenticationMethods","type":"\u0019\u0007","title":"Permitted MFA authentication methods (one or more of ALL, SAML, PASSWORD)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"mfaEnrollment":{"name":"mfaEnrollment","type":"\u0007","title":"MFA enrollment requirement (REQUIRED or OPTIONAL)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Authentication policy name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"options":{"name":"options","type":"\u0007","is_mandatory":true,"title":"Comma-separated list of policy options reported by SHOW","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"owner":{"name":"owner","type":"\u0007","is_mandatory":true,"title":"Owning role","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"ownerRoleType":{"name":"ownerRoleType","type":"\u0007","is_mandatory":true,"title":"Owner role type (ROLE or DATABASE_ROLE)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"schemaName":{"name":"schemaName","type":"\u0007","is_mandatory":true,"title":"Schema that owns the policy","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"securityIntegrations":{"name":"securityIntegrations","type":"\u0019\u0007","title":"Names of security integrations permitted by this policy","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake Authentication Policy","desc":"Examine a Snowflake authentication policy that controls which authentication methods, MFA settings, and client types are permitted. Authentication policies attach at the account or user level and are the definitive control for \"is MFA enforced\" and \"is password authentication still allowed\". Fields include `name`, `databaseName`, `schemaName`, `owner`, `ownerRoleType`, `comment`, `createdAt`, and `options`. Computed fields surface the active policy settings: `authenticationMethods` (ALL, SAML, PASSWORD, OAUTH, KEYPAIR), `mfaAuthenticationMethods` (ALL, SAML, PASSWORD), `mfaEnrollment` (REQUIRED or OPTIONAL), `clientTypes` (ALL, SNOWFLAKE_UI, DRIVERS, SNOWSQL), and `securityIntegrations` (names of allowed external auth integrations).","min_provider_version":"13.2.7","defaults":"name mfaEnrollment","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.database":{"id":"snowflake.database","name":"snowflake.database","fields":{"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Comment for the database","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"When the database was created","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"droppedAt":{"name":"droppedAt","type":"\t","is_mandatory":true,"title":"When the database was dropped","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"isCurrent":{"name":"isCurrent","type":"\u0004","is_mandatory":true,"title":"Whether the database is a current database","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"isDefault":{"name":"isDefault","type":"\u0004","is_mandatory":true,"title":"Whether the database is a default database","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the database","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"options":{"name":"options","type":"\u0007","is_mandatory":true,"title":"Database options string","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"origin":{"name":"origin","type":"\u0007","is_mandatory":true,"title":"Database origin","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"owner":{"name":"owner","type":"\u0007","is_mandatory":true,"title":"Database owner","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"resourceGroup":{"name":"resourceGroup","type":"\u0007","is_mandatory":true,"title":"Resource group of the database","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"retentionTime":{"name":"retentionTime","type":"\u0005","is_mandatory":true,"title":"Retention time of the database","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"roles":{"name":"roles","type":"\u0019\u001bsnowflake.databaseRole","title":"Database-scoped roles (SHOW DATABASE ROLES IN DATABASE)","min_provider_version":"13.1.1","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"transient":{"name":"transient","type":"\u0004","is_mandatory":true,"title":"Whether the database is transient","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake Database","desc":"Examine a Snowflake database. Fields include `name`, `owner`, `origin`, `options`, `retentionTime`, `resourceGroup`, `comment`, `transient`, and timestamps `createdAt` and `droppedAt`. `isDefault` and `isCurrent` reflect session state. `roles` returns database-scoped roles defined within the database.","min_provider_version":"11.0.0","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.databaseRole":{"id":"snowflake.databaseRole","name":"snowflake.databaseRole","fields":{"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Optional comment","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"When the role was created","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"databaseName":{"name":"databaseName","type":"\u0007","is_mandatory":true,"title":"Database that owns the role","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"grantedDatabaseRoles":{"name":"grantedDatabaseRoles","type":"\u0005","is_mandatory":true,"title":"Number of database roles granted to this role (role chain depth)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"grantedToDatabaseRoles":{"name":"grantedToDatabaseRoles","type":"\u0005","is_mandatory":true,"title":"Number of database roles this database role has been granted to","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"grantedToRoles":{"name":"grantedToRoles","type":"\u0005","is_mandatory":true,"title":"Number of account roles this database role has been granted to","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"isCurrent":{"name":"isCurrent","type":"\u0004","is_mandatory":true,"title":"Whether the role is the current session's active role","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"isInherited":{"name":"isInherited","type":"\u0004","is_mandatory":true,"title":"Whether the role is inherited via another granted role","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Role name (not database-qualified)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"owner":{"name":"owner","type":"\u0007","is_mandatory":true,"title":"Owning role","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"ownerRoleType":{"name":"ownerRoleType","type":"\u0007","is_mandatory":true,"title":"Owner role type (ROLE | DATABASE_ROLE)","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake Database Role","desc":"Examine a Snowflake database-scoped role that grants least-privilege access within a single database. Fields include `name`, `databaseName`, `owner`, `ownerRoleType`, `comment`, and `createdAt`. Session state is reflected in `isCurrent` and `isInherited`. Hierarchy depth is captured in `grantedToRoles`, `grantedToDatabaseRoles`, and `grantedDatabaseRoles`.","min_provider_version":"13.1.1","defaults":"databaseName name owner","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.failoverGroup":{"id":"snowflake.failoverGroup","name":"snowflake.failoverGroup","fields":{"allowedAccounts":{"name":"allowedAccounts","type":"\u0019\u0007","is_mandatory":true,"title":"Account identifiers (org.account) allowed to host secondaries","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"allowedIntegrationTypes":{"name":"allowedIntegrationTypes","type":"\u0019\u0007","is_mandatory":true,"title":"Integration types allowed for replication (e.g., SECURITY INTEGRATIONS, API INTEGRATIONS)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Optional comment","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"When the group was created","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"databases":{"name":"databases","type":"\u0019\u0007","title":"Databases included in the group (lazy: SHOW DATABASES IN FAILOVER GROUP)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"isPrimary":{"name":"isPrimary","type":"\u0004","is_mandatory":true,"title":"True for the primary group, false for replicas","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Group name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"nextScheduledRefresh":{"name":"nextScheduledRefresh","type":"\u0007","is_mandatory":true,"title":"Next scheduled refresh time as reported by Snowflake (free-form)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"objectTypes":{"name":"objectTypes","type":"\u0019\u0007","is_mandatory":true,"title":"Object types replicated by this group (e.g., DATABASES, SHARES, INTEGRATIONS)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"owner":{"name":"owner","type":"\u0007","is_mandatory":true,"title":"Owning role","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"primary":{"name":"primary","type":"\u0007","is_mandatory":true,"title":"Fully-qualified primary group identifier (org.account.name)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"regionGroup":{"name":"regionGroup","type":"\u0007","is_mandatory":true,"title":"Region group (for multi-region deployments)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"replicationSchedule":{"name":"replicationSchedule","type":"\u0007","is_mandatory":true,"title":"Cron-style replication schedule (empty if manual refresh)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"secondaryState":{"name":"secondaryState","type":"\u0007","is_mandatory":true,"title":"Secondary refresh state (e.g., SUSPENDED, STARTED)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"shares":{"name":"shares","type":"\u0019\u0007","title":"Shares included in the group (lazy: SHOW SHARES IN FAILOVER GROUP)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflakeRegion":{"name":"snowflakeRegion","type":"\u0007","is_mandatory":true,"title":"Snowflake region (e.g., AWS_US_WEST_2)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Group type (ACCOUNT for failover, BUSINESS_CONTINUITY for replication)","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake Failover Group","desc":"Examine a Snowflake failover or replication group that replicates account objects to secondary accounts for disaster recovery. Fields include `name`, `type` (ACCOUNT or BUSINESS_CONTINUITY), `isPrimary`, `primary` (fully-qualified primary group identifier), `owner`, `comment`, and `createdAt`. `objectTypes` and `allowedIntegrationTypes` list what is replicated. `allowedAccounts` names target accounts. `replicationSchedule` holds the cron expression (empty for manual refresh). `secondaryState` and `nextScheduledRefresh` reflect the replica's refresh status. Geography fields include `regionGroup` and `snowflakeRegion`. `databases` and `shares` list the objects currently included in the group.","min_provider_version":"13.1.1","defaults":"name type isPrimary secondaryState","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.grant":{"id":"snowflake.grant","name":"snowflake.grant","fields":{"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"When the grant was created","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"grantOption":{"name":"grantOption","type":"\u0004","is_mandatory":true,"title":"Whether the grantee may further grant this privilege (WITH GRANT OPTION)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"grantedBy":{"name":"grantedBy","type":"\u0007","is_mandatory":true,"title":"Role that issued the grant","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"grantedOn":{"name":"grantedOn","type":"\u0007","is_mandatory":true,"title":"Object type the privilege is on (e.g., DATABASE, SCHEMA, TABLE, ROLE)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"grantedTo":{"name":"grantedTo","type":"\u0007","is_mandatory":true,"title":"Type of grantee (ROLE, USER, SHARE, DATABASE_ROLE)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"granteeName":{"name":"granteeName","type":"\u0007","is_mandatory":true,"title":"Name of the grantee (role name, user name, share name, etc.)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Fully qualified name of the object the privilege is on","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"privilege":{"name":"privilege","type":"\u0007","is_mandatory":true,"title":"Privilege granted (e.g., USAGE, SELECT, OWNERSHIP, MODIFY)","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake Grant","desc":"Examine a single privilege granted on a Snowflake object to a role, user, or share, as returned by SHOW GRANTS. Fields include `privilege` (e.g., USAGE, SELECT, OWNERSHIP), `grantedOn` (object type such as DATABASE or TABLE), `name` (fully qualified object name), `grantedTo` (grantee type: ROLE, USER, SHARE, or DATABASE_ROLE), `granteeName`, `grantOption` (whether the grantee may re-grant), `grantedBy`, and `createdAt`.","min_provider_version":"13.0.7","defaults":"privilege grantedOn name granteeName","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.maskingPolicy":{"id":"snowflake.maskingPolicy","name":"snowflake.maskingPolicy","fields":{"body":{"name":"body","type":"\u0007","title":"SQL body that implements the masking","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Optional comment","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"When the policy was created","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"databaseName":{"name":"databaseName","type":"\u0007","is_mandatory":true,"title":"Database that owns the policy","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"exemptOtherPolicies":{"name":"exemptOtherPolicies","type":"\u0004","is_mandatory":true,"title":"Whether other policies are exempt from this one","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"kind":{"name":"kind","type":"\u0007","is_mandatory":true,"title":"Policy kind classifier (e.g., MASKING_POLICY)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Policy name (not database-qualified)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"owner":{"name":"owner","type":"\u0007","is_mandatory":true,"title":"Owning role","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"ownerRoleType":{"name":"ownerRoleType","type":"\u0007","is_mandatory":true,"title":"Owner role type (ROLE or DATABASE_ROLE)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"references":{"name":"references","type":"\u0019\u001bsnowflake.policyReference","title":"Entities (tables/views/columns) this policy is attached to","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"returnType":{"name":"returnType","type":"\u0007","title":"Data type the masking expression returns","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"schemaName":{"name":"schemaName","type":"\u0007","is_mandatory":true,"title":"Schema that owns the policy","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"signature":{"name":"signature","type":"\u0019\u0007","title":"Input column signature: list of `name:type` pairs","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake Masking Policy","desc":"Examine a Snowflake masking policy that redacts column values at query time based on the executing role. Fields include `name`, `databaseName`, `schemaName`, `kind`, `owner`, `ownerRoleType`, `comment`, `createdAt`, and `exemptOtherPolicies` (whether this policy is exempt from row-access or other masking policies). Computed fields expose the policy body: `signature` (the input column names and types, e.g., `val:STRING`), `returnType`, and `body` (the SQL CASE expression that defines the masking). `references` lists every table, view, or column where the policy is currently attached.","min_provider_version":"13.2.7","defaults":"name databaseName schemaName","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.networkPolicy":{"id":"snowflake.networkPolicy","name":"snowflake.networkPolicy","fields":{"allowedIpList":{"name":"allowedIpList","type":"\u0019\u0007","title":"List of IP addresses that are allowed access","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"allowedNetworkRules":{"name":"allowedNetworkRules","type":"\u0019\u0007","title":"List of network rules that contain the network identifiers that are allowed access","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"blockedIpList":{"name":"blockedIpList","type":"\u0019\u0007","title":"List of IP addresses that are denied access","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"blockedNetworkRules":{"name":"blockedNetworkRules","type":"\u0019\u0007","title":"List of network rules that contain the network identifiers that are denied access","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Comment for the network policy","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"When the network policy was created","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"entriesInAllowedIpList":{"name":"entriesInAllowedIpList","type":"\u0005","is_mandatory":true,"title":"Number of entries in the allowed IP list","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"entriesInAllowedNetworkRules":{"name":"entriesInAllowedNetworkRules","type":"\u0005","is_mandatory":true,"title":"Number of entries in the allowed network rules","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"entriesInBlockedIpList":{"name":"entriesInBlockedIpList","type":"\u0005","is_mandatory":true,"title":"Number of entries in the blocked IP list","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"entriesInBlockedNetworkRules":{"name":"entriesInBlockedNetworkRules","type":"\u0005","is_mandatory":true,"title":"Number of entries in the blocked network rules","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the network policy","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake Network Policy","desc":"Examine a Snowflake network policy that restricts account or user access by IP address and network rules. Fields include `name`, `comment`, `createdAt`, and summary counts for `entriesInAllowedIpList`, `entriesInBlockedIpList`, `entriesInAllowedNetworkRules`, and `entriesInBlockedNetworkRules`. The actual lists are available via `allowedIpList`, `blockedIpList`, `allowedNetworkRules`, and `blockedNetworkRules`.","min_provider_version":"11.0.0","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.parameter":{"id":"snowflake.parameter","name":"snowflake.parameter","fields":{"defaultValue":{"name":"defaultValue","type":"\u0007","is_mandatory":true,"title":"Default value of the parameter","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description of the parameter","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"key":{"name":"key","type":"\u0007","is_mandatory":true,"title":"Name of the parameter","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"level":{"name":"level","type":"\u0007","is_mandatory":true,"title":"Level of the parameter","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"value":{"name":"value","type":"\u0007","is_mandatory":true,"title":"Value of the parameter","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake Parameter","desc":"Examine a single Snowflake configuration parameter. Fields include `key` (parameter name), `value` (the effective value), `defaultValue`, `description`, and `level` (the scope at which the value was set — SYSTEM, ACCOUNT, USER, SESSION, or OBJECT).","min_provider_version":"11.0.0","defaults":"key","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.passwordPolicy":{"id":"snowflake.passwordPolicy","name":"snowflake.passwordPolicy","fields":{"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Comment for the password policy","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"When the password policy was created","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"databaseName":{"name":"databaseName","type":"\u0007","is_mandatory":true,"title":"Name of the database","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"kind":{"name":"kind","type":"\u0007","is_mandatory":true,"title":"Policy kind classifier (e.g., PASSWORD)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the password policy","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"owner":{"name":"owner","type":"\u0007","is_mandatory":true,"title":"Name of the owner","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"passwordHistory":{"name":"passwordHistory","type":"\u0005","title":"Number of recent passwords to retain","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"passwordLockoutTimeMins":{"name":"passwordLockoutTimeMins","type":"\u0005","title":"How long (in minutes) to lock out the user account","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"passwordMaxAgeDays":{"name":"passwordMaxAgeDays","type":"\u0005","title":"Maximum number of days before password must be changed","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"passwordMaxLength":{"name":"passwordMaxLength","type":"\u0005","title":"Maximum number of characters for password","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"passwordMaxRetries":{"name":"passwordMaxRetries","type":"\u0005","title":"Maximum number of attempts to enter a password before locking out the user account","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"passwordMinAgeDays":{"name":"passwordMinAgeDays","type":"\u0005","title":"Minimum number of days before password can be changed","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"passwordMinLength":{"name":"passwordMinLength","type":"\u0005","title":"Minimum number of characters for password","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"passwordMinLowerCaseChars":{"name":"passwordMinLowerCaseChars","type":"\u0005","title":"Minimum number of lowercase characters for password","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"passwordMinNumericChars":{"name":"passwordMinNumericChars","type":"\u0005","title":"Minimum number of numeric characters for password","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"passwordMinSpecialChars":{"name":"passwordMinSpecialChars","type":"\u0005","title":"Minimum number of special characters for password","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"passwordMinUpperCaseChars":{"name":"passwordMinUpperCaseChars","type":"\u0005","title":"Minimum number of uppercase characters for password","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"schemaName":{"name":"schemaName","type":"\u0007","is_mandatory":true,"title":"Name of the schema","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake Password Policy","desc":"Examine a Snowflake password policy that governs password complexity and rotation for users in the account. Fields include `name`, `databaseName`, `schemaName`, `owner`, `kind`, `comment`, and `createdAt`. Complexity requirements are exposed as computed integers: `passwordMinLength`, `passwordMaxLength`, `passwordMinUpperCaseChars`, `passwordMinLowerCaseChars`, `passwordMinNumericChars`, `passwordMinSpecialChars`, `passwordMinAgeDays`, `passwordMaxAgeDays`, `passwordMaxRetries`, `passwordLockoutTimeMins`, and `passwordHistory`.","min_provider_version":"11.0.0","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.policyReference":{"id":"snowflake.policyReference","name":"snowflake.policyReference","fields":{"policyDatabase":{"name":"policyDatabase","type":"\u0007","is_mandatory":true,"title":"Database that owns the policy","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"policyKind":{"name":"policyKind","type":"\u0007","is_mandatory":true,"title":"Policy kind (MASKING_POLICY, ROW_ACCESS_POLICY, AUTHENTICATION_POLICY, etc.)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"policyName":{"name":"policyName","type":"\u0007","is_mandatory":true,"title":"Policy name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"policySchema":{"name":"policySchema","type":"\u0007","is_mandatory":true,"title":"Schema that owns the policy","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"policyStatus":{"name":"policyStatus","type":"\u0007","is_mandatory":true,"title":"Status of the attachment (e.g., ACTIVE)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"refArgColumnNames":{"name":"refArgColumnNames","type":"\u0007","is_mandatory":true,"title":"Arg column names for table-function references","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"refColumnName":{"name":"refColumnName","type":"\u0007","is_mandatory":true,"title":"Column the policy applies to (for column-level masking)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"refDatabaseName":{"name":"refDatabaseName","type":"\u0007","is_mandatory":true,"title":"Database of the entity the policy is attached to","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"refEntityDomain":{"name":"refEntityDomain","type":"\u0007","is_mandatory":true,"title":"Domain of the entity the policy is attached to (TABLE, VIEW, COLUMN, TAG, ACCOUNT, USER, INTEGRATION)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"refEntityName":{"name":"refEntityName","type":"\u0007","is_mandatory":true,"title":"Name of the entity the policy is attached to","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"refSchemaName":{"name":"refSchemaName","type":"\u0007","is_mandatory":true,"title":"Schema of the entity the policy is attached to","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"tagDatabase":{"name":"tagDatabase","type":"\u0007","is_mandatory":true,"title":"Database of the tag, when the policy is attached via a tag","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"tagName":{"name":"tagName","type":"\u0007","is_mandatory":true,"title":"Name of the tag, when the policy is attached via a tag","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"tagSchema":{"name":"tagSchema","type":"\u0007","is_mandatory":true,"title":"Schema of the tag, when the policy is attached via a tag","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake Policy Reference","desc":"Examine a single attachment of a policy (masking, row-access, password, projection, aggregation, or authentication) to an entity. Returned by `snowflake.maskingPolicy.references`. Fields include the policy identity (`policyDatabase`, `policySchema`, `policyName`, `policyKind`), the entity the policy is attached to (`refDatabaseName`, `refSchemaName`, `refEntityName`, `refEntityDomain` — one of ACCOUNT, INTEGRATION, TABLE, TAG, USER, VIEW), and `refColumnName` (the column the policy applies to, for column-level policies). `policyStatus` reflects whether the attachment is active.","private":true,"min_provider_version":"13.2.7","defaults":"policyName refEntityDomain refEntityName refColumnName","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.procedure":{"id":"snowflake.procedure","name":"snowflake.procedure","fields":{"arguments":{"name":"arguments","type":"\u0007","is_mandatory":true,"title":"Comma-separated argument signature with type information","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"catalogName":{"name":"catalogName","type":"\u0007","is_mandatory":true,"title":"Catalog name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"description":{"name":"description","type":"\u0007","is_mandatory":true,"title":"Description of the procedure's purpose and behavior","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"isAggregate":{"name":"isAggregate","type":"\u0004","is_mandatory":true,"title":"Whether the procedure is an aggregate function","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"isAnsi":{"name":"isAnsi","type":"\u0004","is_mandatory":true,"title":"Whether the procedure is an ANSI procedure","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"isBuiltin":{"name":"isBuiltin","type":"\u0004","is_mandatory":true,"title":"Whether the procedure is built in","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"isSecure":{"name":"isSecure","type":"\u0004","is_mandatory":true,"title":"Whether the procedure is secure","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"isTableFunction":{"name":"isTableFunction","type":"\u0004","is_mandatory":true,"title":"Whether the procedure is a table function","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"maxNumberOfArguments":{"name":"maxNumberOfArguments","type":"\u0005","is_mandatory":true,"title":"Maximum number of arguments","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"minNumberOfArguments":{"name":"minNumberOfArguments","type":"\u0005","is_mandatory":true,"title":"Minimum number of arguments","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the procedure","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"schemaName":{"name":"schemaName","type":"\u0007","is_mandatory":true,"title":"Schema name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"validForClustering":{"name":"validForClustering","type":"\u0004","is_mandatory":true,"title":"Whether the procedure is for clustering","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake Procedure","desc":"Examine a Snowflake stored procedure or built-in system procedure. Fields include `name`, `description`, `schemaName`, `catalogName`, `arguments`, and boolean classifiers `isBuiltin`, `isAggregate`, `isAnsi`, `isTableFunction`, `validForClustering`, and `isSecure`. Argument arity is captured in `minNumberOfArguments` and `maxNumberOfArguments`.","min_provider_version":"11.0.0","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.resourceMonitor":{"id":"snowflake.resourceMonitor","name":"snowflake.resourceMonitor","fields":{"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Optional comment","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"When the resource monitor was created","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"creditQuota":{"name":"creditQuota","type":"\u0006","is_mandatory":true,"title":"Total credit quota","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"endTime":{"name":"endTime","type":"\u0007","is_mandatory":true,"title":"When the current period ends (Snowflake-formatted string)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"frequency":{"name":"frequency","type":"\u0007","is_mandatory":true,"title":"Refresh frequency for the credit quota (DAILY, WEEKLY, MONTHLY, YEARLY, NEVER)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"level":{"name":"level","type":"\u0007","is_mandatory":true,"title":"Scope at which the monitor applies (ACCOUNT or WAREHOUSE)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Resource monitor name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"notifyAt":{"name":"notifyAt","type":"\u0019\u0005","is_mandatory":true,"title":"Usage percentages at which Snowflake sends notifications","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"notifyUsers":{"name":"notifyUsers","type":"\u0019\u0007","is_mandatory":true,"title":"Users notified when notification thresholds are crossed","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"owner":{"name":"owner","type":"\u0007","is_mandatory":true,"title":"Owning role","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"remainingCredits":{"name":"remainingCredits","type":"\u0006","is_mandatory":true,"title":"Credits remaining in the current period","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"startTime":{"name":"startTime","type":"\u0007","is_mandatory":true,"title":"When the current period started (Snowflake-formatted string)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"suspendAt":{"name":"suspendAt","type":"\u0005","title":"Percentage at which the monitor suspends warehouses (allows running queries to finish); null if unset","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"suspendImmediateAt":{"name":"suspendImmediateAt","type":"\u0005","title":"Percentage at which the monitor immediately suspends warehouses; null if unset","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"usedCredits":{"name":"usedCredits","type":"\u0006","is_mandatory":true,"title":"Credits consumed in the current period","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake Resource Monitor","desc":"Examine a Snowflake resource monitor that caps credit consumption for one or more warehouses. Fields include `name`, `level` (ACCOUNT or WAREHOUSE), `creditQuota`, `usedCredits`, `remainingCredits`, `frequency` (e.g., DAILY, WEEKLY, MONTHLY, YEARLY, NEVER), `startTime`, `endTime`, `owner`, `comment`, and `createdAt`. `notifyAt` lists the usage percentages that trigger notifications; `suspendAt` and `suspendImmediateAt` give the percentages at which warehouses are suspended (`null` when not configured). `notifyUsers` names the users that receive alerts.","min_provider_version":"13.2.7","defaults":"name creditQuota usedCredits level","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.role":{"id":"snowflake.role","name":"snowflake.role","fields":{"assignedToUsers":{"name":"assignedToUsers","type":"\u0005","is_mandatory":true,"title":"Number of users assigned to the role","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Comment for the role","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"grantedRoles":{"name":"grantedRoles","type":"\u0005","is_mandatory":true,"title":"Number of roles granted to this role (this role's privileges)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"grantedToRoles":{"name":"grantedToRoles","type":"\u0005","is_mandatory":true,"title":"Number of other roles to which this role is granted (this role's grantees)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"grantees":{"name":"grantees","type":"\u0019\u001bsnowflake.grant","title":"Names of grantees (users and roles) this role is granted to (SHOW GRANTS OF ROLE)","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"grants":{"name":"grants","type":"\u0019\u001bsnowflake.grant","title":"Privileges granted to this role (SHOW GRANTS TO ROLE)","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"isCurrent":{"name":"isCurrent","type":"\u0004","is_mandatory":true,"title":"Whether the role is a current role","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"isDefault":{"name":"isDefault","type":"\u0004","is_mandatory":true,"title":"Whether the role is the default role","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"isInherited":{"name":"isInherited","type":"\u0004","is_mandatory":true,"title":"Whether the role is a shared role","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Role name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"owner":{"name":"owner","type":"\u0007","is_mandatory":true,"title":"Owner of the role","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake Role","desc":"Examine a Snowflake role and its privilege graph. Fields include `name`, `owner`, `comment`, and counts for `assignedToUsers`, `grantedToRoles`, and `grantedRoles` (the depth of the role hierarchy). `grants` returns all privileges granted to this role (SHOW GRANTS TO ROLE), and `grantees` returns the users and roles this role has been granted to (SHOW GRANTS OF ROLE).","min_provider_version":"11.0.0","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.secret":{"id":"snowflake.secret","name":"snowflake.secret","fields":{"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Optional comment","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"When the secret was created","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"databaseName":{"name":"databaseName","type":"\u0007","is_mandatory":true,"title":"Database that owns the secret","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"integrationName":{"name":"integrationName","type":"\u0007","title":"Name of the security or API integration the secret is bound to","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Secret name (not database-qualified)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"oauthAccessTokenExpiryTime":{"name":"oauthAccessTokenExpiryTime","type":"\t","title":"When the OAuth access token expires","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"oauthRefreshTokenExpiryTime":{"name":"oauthRefreshTokenExpiryTime","type":"\t","title":"When the OAuth refresh token expires","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"oauthScopes":{"name":"oauthScopes","type":"\u0019\u0007","is_mandatory":true,"title":"OAuth scopes granted to the secret","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"owner":{"name":"owner","type":"\u0007","is_mandatory":true,"title":"Owning role","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"ownerRoleType":{"name":"ownerRoleType","type":"\u0007","is_mandatory":true,"title":"Owner role type (ROLE or DATABASE_ROLE)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"schemaName":{"name":"schemaName","type":"\u0007","is_mandatory":true,"title":"Schema that owns the secret","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"secretType":{"name":"secretType","type":"\u0007","is_mandatory":true,"title":"Secret type (PASSWORD, OAUTH2, GENERIC_STRING)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"username":{"name":"username","type":"\u0007","title":"Username stored in the secret (PASSWORD secrets only)","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake Secret","desc":"Examine a Snowflake-managed secret used by external functions, notification integrations, and other Snowflake objects that need to authenticate to external systems. Fields include `name`, `databaseName`, `schemaName`, `owner`, `ownerRoleType`, `comment`, `createdAt`, and `secretType` (PASSWORD, OAUTH2, GENERIC_STRING). `oauthScopes` lists the OAuth scopes granted to the secret. Computed fields fetched on demand via DESCRIBE: `username` (for PASSWORD secrets), `integrationName` (the linked security or API integration), `oauthAccessTokenExpiryTime`, and `oauthRefreshTokenExpiryTime` (rotation deadlines for OAUTH2 secrets).","min_provider_version":"13.2.7","defaults":"name secretType databaseName schemaName","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.securityIntegration":{"id":"snowflake.securityIntegration","name":"snowflake.securityIntegration","fields":{"category":{"name":"category","type":"\u0007","is_mandatory":true,"title":"Category of the security integration","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Comment for the security integration","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"When the security integration was created","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"enabled":{"name":"enabled","type":"\u0004","is_mandatory":true,"title":"Whether the security integration is enabled","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the security integration","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"properties":{"name":"properties","type":"\u001a\u0007\u0007","title":"All properties returned by DESCRIBE SECURITY INTEGRATION (includes SAML2_X509_CERT, SAML2_ISSUER, OAUTH_*, etc.)","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"saml2ForceAuthn":{"name":"saml2ForceAuthn","type":"\u0004","title":"SAML2_FORCE_AUTHN property (only set for SAML2 integrations)","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"saml2Issuer":{"name":"saml2Issuer","type":"\u0007","title":"SAML2_ISSUER property (only set for SAML2 integrations)","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"saml2Provider":{"name":"saml2Provider","type":"\u0007","title":"SAML2_PROVIDER property (only set for SAML2 integrations)","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"saml2SignRequest":{"name":"saml2SignRequest","type":"\u0004","title":"SAML2_SIGN_REQUEST property (only set for SAML2 integrations)","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"saml2SsoUrl":{"name":"saml2SsoUrl","type":"\u0007","title":"SAML2_SSO_URL property (only set for SAML2 integrations)","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"saml2X509Cert":{"name":"saml2X509Cert","type":"\u0007","title":"SAML2_X509_CERT property (only set for SAML2 integrations)","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Type of the security integration","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake Security Integration","desc":"Examine a Snowflake security integration for external authentication or identity federation. Fields include `name`, `type` (e.g., SAML2, OAUTH), `category`, `enabled`, `comment`, and `createdAt`. `properties` returns the full DESCRIBE SECURITY INTEGRATION output as a key/value map. SAML2-specific properties are surfaced as typed fields: `saml2X509Cert`, `saml2Issuer`, `saml2Provider`, `saml2SsoUrl`, `saml2SignRequest`, and `saml2ForceAuthn`.","min_provider_version":"11.0.0","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.sessionPolicy":{"id":"snowflake.sessionPolicy","name":"snowflake.sessionPolicy","fields":{"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Comment for the session policy","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"databaseName":{"name":"databaseName","type":"\u0007","is_mandatory":true,"title":"Database name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"kind":{"name":"kind","type":"\u0007","is_mandatory":true,"title":"Kind of policy","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the session policy","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"options":{"name":"options","type":"\u0007","is_mandatory":true,"title":"Comma-separated list of options","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"owner":{"name":"owner","type":"\u0007","is_mandatory":true,"title":"Owner of the session policy","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"ownerRoleType":{"name":"ownerRoleType","type":"\u0007","is_mandatory":true,"title":"Type of the role that owns the resource (ROLE or DATABASE_ROLE)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"schemaName":{"name":"schemaName","type":"\u0007","is_mandatory":true,"title":"Schema name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"sessionIdleTimeoutMins":{"name":"sessionIdleTimeoutMins","type":"\u0005","title":"Time in minutes a session can remain idle before being terminated (Snowflake default 240)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"sessionUiIdleTimeoutMins":{"name":"sessionUiIdleTimeoutMins","type":"\u0005","title":"Time in minutes a UI (Snowsight) session can remain idle before being terminated (Snowflake default 240)","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake Session Policy","desc":"Examine a Snowflake session policy that controls how long sessions may remain idle before termination. Fields include `name`, `databaseName`, `schemaName`, `kind`, `owner`, `ownerRoleType`, `comment`, and `options`. Timeout values are computed integers: `sessionIdleTimeoutMins` (Snowflake default 240) applies to all session types, while `sessionUiIdleTimeoutMins` applies specifically to Snowsight browser sessions.","min_provider_version":"13.0.7","defaults":"name sessionIdleTimeoutMins","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.share":{"id":"snowflake.share","name":"snowflake.share","fields":{"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Comment for the share","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"When the share was created","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"databaseName":{"name":"databaseName","type":"\u0007","is_mandatory":true,"title":"Database backing the share","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"kind":{"name":"kind","type":"\u0007","is_mandatory":true,"title":"Kind of share: INBOUND or OUTBOUND","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Fully qualified share name (account.share for INBOUND, share name for OUTBOUND)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"owner":{"name":"owner","type":"\u0007","is_mandatory":true,"title":"Owner of the share","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"to":{"name":"to","type":"\u0019\u0007","is_mandatory":true,"title":"For OUTBOUND shares, list of accounts the share has been granted to","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake Share","desc":"Examine a Snowflake data share, either outbound (shared to other accounts) or inbound (consumed from another account). Fields include `name` (fully qualified for INBOUND, share name for OUTBOUND), `kind` (INBOUND or OUTBOUND), `databaseName`, `owner`, `comment`, `createdAt`, and `to` (the list of target accounts for OUTBOUND shares).","min_provider_version":"13.0.7","defaults":"name kind","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.stage":{"id":"snowflake.stage","name":"snowflake.stage","fields":{"cloud":{"name":"cloud","type":"\u0007","is_mandatory":true,"title":"Cloud provider of the stage","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Comment for the stage","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"When the stage was created","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"databaseName":{"name":"databaseName","type":"\u0007","is_mandatory":true,"title":"Database name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"directoryEnabled":{"name":"directoryEnabled","type":"\u0004","is_mandatory":true,"title":"Whether a directory table is enabled for the stage","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"endpoint":{"name":"endpoint","type":"\u0007","is_mandatory":true,"title":"Endpoint of the stage","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"hasCredentials":{"name":"hasCredentials","type":"\u0004","is_mandatory":true,"title":"Whether the stage has credentials","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"hasEncryptionKey":{"name":"hasEncryptionKey","type":"\u0004","is_mandatory":true,"title":"Whether the stage has encryption key","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the stage","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"owner":{"name":"owner","type":"\u0007","is_mandatory":true,"title":"Owner of the stage","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"ownerRoleType":{"name":"ownerRoleType","type":"\u0007","is_mandatory":true,"title":"Type of the role that owns the resource (ROLE or DATABASE_ROLE)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"schemaName":{"name":"schemaName","type":"\u0007","is_mandatory":true,"title":"Schema name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"storeIntegration":{"name":"storeIntegration","type":"\u0007","is_mandatory":true,"title":"Storage integration of the stage","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Stage type","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"url":{"name":"url","type":"\u0007","is_mandatory":true,"title":"URL of the stage","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake Stage","desc":"Examine a Snowflake stage used for loading and unloading data. Fields include `name`, `databaseName`, `schemaName`, `owner`, `ownerRoleType`, `type` (INTERNAL or EXTERNAL), `cloud`, `url`, `endpoint`, `storeIntegration`, `comment`, and `createdAt`. Security attributes `hasCredentials` and `hasEncryptionKey` indicate whether credentials or an encryption key are configured. `directoryEnabled` shows whether a directory table is active.","min_provider_version":"11.0.0","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.tag":{"id":"snowflake.tag","name":"snowflake.tag","fields":{"allowedValues":{"name":"allowedValues","type":"\u0019\u0007","is_mandatory":true,"title":"Allowed string values for the tag (empty if unrestricted)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Optional comment","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"When the tag was created","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"databaseName":{"name":"databaseName","type":"\u0007","is_mandatory":true,"title":"Database that owns the tag","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Tag name (object name, not database-qualified)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"owner":{"name":"owner","type":"\u0007","is_mandatory":true,"title":"Owning role","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"ownerRoleType":{"name":"ownerRoleType","type":"\u0007","is_mandatory":true,"title":"Owner role type (ROLE | DATABASE_ROLE)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"schemaName":{"name":"schemaName","type":"\u0007","is_mandatory":true,"title":"Schema that owns the tag","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake Tag","desc":"Examine a Snowflake tag used for governance, data classification, and policy attachment. Fields include `name`, `databaseName`, `schemaName`, `owner`, `ownerRoleType`, `comment`, `createdAt`, and `allowedValues` (the list of permitted string values; empty when the tag is unrestricted).","min_provider_version":"13.1.1","defaults":"name databaseName schemaName","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.user":{"id":"snowflake.user","name":"snowflake.user","fields":{"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Comment for the user","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"When the user was created","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"daysSinceLastLogin":{"name":"daysSinceLastLogin","type":"\u0005","title":"Number of days since the user last successfully logged in (-1 if never logged in)","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"defaultNamespace":{"name":"defaultNamespace","type":"\u0007","is_mandatory":true,"title":"Namespace that is active by default","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"defaultRole":{"name":"defaultRole","type":"\u0007","is_mandatory":true,"title":"Default role for the user","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"defaultWarehouse":{"name":"defaultWarehouse","type":"\u0007","is_mandatory":true,"title":"Virtual warehouse that is active by default","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"disabled":{"name":"disabled","type":"\u0004","is_mandatory":true,"title":"Whether the user is disabled","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"displayName":{"name":"displayName","type":"\u0007","is_mandatory":true,"title":"Display name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"email":{"name":"email","type":"\u0007","is_mandatory":true,"title":"Email address","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"expiresAt":{"name":"expiresAt","type":"\t","is_mandatory":true,"title":"When the user expires","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"extAuthnDuo":{"name":"extAuthnDuo","type":"\u0004","is_mandatory":true,"title":"Whether the user is enrolled in Duo MFA via Snowflake's external authenticator","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"extAuthnUid":{"name":"extAuthnUid","type":"\u0007","is_mandatory":true,"title":"Duo external-authentication user ID linking the Snowflake user to their Duo account","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"firstName":{"name":"firstName","type":"\u0007","is_mandatory":true,"title":"First name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"grants":{"name":"grants","type":"\u0019\u001bsnowflake.grant","title":"Roles granted directly to this user (SHOW GRANTS TO USER)","min_provider_version":"13.0.7","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"hasPassword":{"name":"hasPassword","type":"\u0004","is_mandatory":true,"title":"Whether the user has a password","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"hasRsaPublicKey":{"name":"hasRsaPublicKey","type":"\u0004","is_mandatory":true,"title":"Whether the user has MFA enabled","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"lastName":{"name":"lastName","type":"\u0007","is_mandatory":true,"title":"Last name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"lastSuccessLogin":{"name":"lastSuccessLogin","type":"\t","is_mandatory":true,"title":"Last time the user logged in","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"lockedUntil":{"name":"lockedUntil","type":"\t","is_mandatory":true,"title":"Time until the user is locked","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"login":{"name":"login","type":"\u0007","is_mandatory":true,"title":"Login name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"mustChangePassword":{"name":"mustChangePassword","type":"\u0004","is_mandatory":true,"title":"Whether the user is forced to change their password","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"User name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"parameters":{"name":"parameters","type":"\u0019\u001bsnowflake.parameter","title":"Parameters for the user","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake User","desc":"Examine a Snowflake user account. Fields cover identity (`name`, `email`, `displayName`), authentication state (`hasPassword`, `hasRsaPublicKey`, `extAuthnDuo`), access controls (`disabled`, `mustChangePassword`, `defaultRole`, `defaultWarehouse`), and activity timestamps (`lastSuccessLogin`, `createdAt`, `expiresAt`, `lockedUntil`). `daysSinceLastLogin` is a derived integer (-1 if the user has never logged in). `grants` returns all privileges granted directly to this user. `parameters` lists user-level parameter overrides.","min_provider_version":"11.0.0","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.view":{"id":"snowflake.view","name":"snowflake.view","fields":{"changeTracking":{"name":"changeTracking","type":"\u0007","is_mandatory":true,"title":"View change tracking","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Comment for the view","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"databaseName":{"name":"databaseName","type":"\u0007","is_mandatory":true,"title":"Database name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"isMaterialized":{"name":"isMaterialized","type":"\u0004","is_mandatory":true,"title":"Whether the view is materialized","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"isSecure":{"name":"isSecure","type":"\u0004","is_mandatory":true,"title":"Whether the view is secure","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"kind":{"name":"kind","type":"\u0007","is_mandatory":true,"title":"Kind of view","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the view","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"owner":{"name":"owner","type":"\u0007","is_mandatory":true,"title":"Owner of the view","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"ownerRoleType":{"name":"ownerRoleType","type":"\u0007","is_mandatory":true,"title":"Type of the role that owns the resource (ROLE or DATABASE_ROLE)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"reserved":{"name":"reserved","type":"\u0007","is_mandatory":true,"title":"Whether the view is reserved","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"schemaName":{"name":"schemaName","type":"\u0007","is_mandatory":true,"title":"Schema name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"text":{"name":"text","type":"\u0007","is_mandatory":true,"title":"Text of the view","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake View","desc":"Examine a Snowflake view or materialized view. Fields include `name`, `kind`, `databaseName`, `schemaName`, `owner`, `ownerRoleType`, `comment`, `text` (the view definition SQL), and `changeTracking`. Security and materialization state are captured in `isSecure` and `isMaterialized`. `reserved` reflects any reserved flag set by Snowflake.","min_provider_version":"11.0.0","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"snowflake.warehouse":{"id":"snowflake.warehouse","name":"snowflake.warehouse","fields":{"autoResume":{"name":"autoResume","type":"\u0004","is_mandatory":true,"title":"Whether the warehouse, if suspended, automatically resumes","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"autoSuspend":{"name":"autoSuspend","type":"\u0005","is_mandatory":true,"title":"Period of inactivity, in seconds, after which a running warehouse automatically suspends and stops using credits","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"available":{"name":"available","type":"\u0006","is_mandatory":true,"title":"Percentage of the warehouse compute resources available","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"comment":{"name":"comment","type":"\u0007","is_mandatory":true,"title":"Comment for the warehouse","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"createdAt":{"name":"createdAt","type":"\t","is_mandatory":true,"title":"When the warehouse was created","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"enableQueryAcceleration":{"name":"enableQueryAcceleration","type":"\u0004","is_mandatory":true,"title":"Whether query acceleration is enabled","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"isCurrent":{"name":"isCurrent","type":"\u0004","is_mandatory":true,"title":"Whether the warehouse is a current warehouse","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"isDefault":{"name":"isDefault","type":"\u0004","is_mandatory":true,"title":"Whether the warehouse is a default warehouse","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"maxClusterCount":{"name":"maxClusterCount","type":"\u0005","is_mandatory":true,"title":"Maximum cluster count","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"minClusterCount":{"name":"minClusterCount","type":"\u0005","is_mandatory":true,"title":"Minimum cluster count","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"name":{"name":"name","type":"\u0007","is_mandatory":true,"title":"Name of the warehouse","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"other":{"name":"other","type":"\u0006","is_mandatory":true,"title":"Percentage of the warehouse compute not in available, provisioning, or quiescing state","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"owner":{"name":"owner","type":"\u0007","is_mandatory":true,"title":"Warehouse owner","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"ownerRoleType":{"name":"ownerRoleType","type":"\u0007","is_mandatory":true,"title":"Type of the role that owns the resource (ROLE or DATABASE_ROLE)","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"provisioning":{"name":"provisioning","type":"\u0006","is_mandatory":true,"title":"Percentage of the warehouse compute resources in provisioning","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"queryAccelerationMaxScaleFactor":{"name":"queryAccelerationMaxScaleFactor","type":"\u0005","is_mandatory":true,"title":"Query acceleration scale factor","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"queued":{"name":"queued","type":"\u0005","is_mandatory":true,"title":"Number of queued clusters","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"quiescing":{"name":"quiescing","type":"\u0006","is_mandatory":true,"title":"Percentage of the warehouse compute resources that execute queries","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"resourceMonitor":{"name":"resourceMonitor","type":"\u0007","is_mandatory":true,"title":"Resource monitor of the warehouse","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"resumedAt":{"name":"resumedAt","type":"\t","is_mandatory":true,"title":"When the warehouse resumed","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"running":{"name":"running","type":"\u0005","is_mandatory":true,"title":"Number of running clusters","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"scalingPolicy":{"name":"scalingPolicy","type":"\u0007","is_mandatory":true,"title":"Scaling policy of the warehouse","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"size":{"name":"size","type":"\u0007","is_mandatory":true,"title":"Warehouse size","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"startedClusterCount":{"name":"startedClusterCount","type":"\u0005","is_mandatory":true,"title":"Number of started clusters","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"state":{"name":"state","type":"\u0007","is_mandatory":true,"title":"Whether the warehouse is active/running, inactive or resizing","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"type":{"name":"type","type":"\u0007","is_mandatory":true,"title":"Warehouse type","provider":"go.mondoo.com/mql/v13/providers/snowflake"},"updatedAt":{"name":"updatedAt","type":"\t","is_mandatory":true,"title":"When the warehouse was updated","provider":"go.mondoo.com/mql/v13/providers/snowflake"}},"title":"Snowflake Warehouse","desc":"Examine a Snowflake virtual warehouse that provides compute resources for query execution. Fields include `name`, `state`, `type`, `size`, `owner`, `comment`, and `createdAt`. Cluster configuration is captured in `minClusterCount`, `maxClusterCount`, `startedClusterCount`, `running`, and `queued`. Utilization percentages are in `available`, `provisioning`, `quiescing`, and `other`. Auto-management is controlled by `autoSuspend` (seconds), `autoResume`, and `scalingPolicy`. Query acceleration is exposed through `enableQueryAcceleration` and `queryAccelerationMaxScaleFactor`. `resourceMonitor` names the monitor governing credit usage.","min_provider_version":"11.0.0","defaults":"name","provider":"go.mondoo.com/mql/v13/providers/snowflake"}}}