Skip to main content
There is no UI interface to create a network policy for USERADMIN roles on a reader account. You must create, view, remove network polices via a worksheet.Please check out the official snowflake documentation for more information https://docs.snowflake.com/en/sql-reference/sql/create-network-policy
You can follow the syntax guide located in the official Snowflake documentation 
CREATE [ OR REPLACE ] NETWORK POLICY <name>
   [ ALLOWED_NETWORK_RULE_LIST = ( '<network_rule>' [ , '<network_rule>' , ... ] ) ]
   [ BLOCKED_NETWORK_RULE_LIST = ( '<network_rule>' [ , '<network_rule>' , ... ] ) ]
   [ ALLOWED_IP_LIST = ( [ '<ip_address>' ] [ , '<ip_address>' , ... ] ) ]
   [ BLOCKED_IP_LIST = ( [ '<ip_address>' ] [ , '<ip_address>' , ... ] ) ]
   [ COMMENT = '<string_literal>' ]

Creating a Network Policy

Step 1: Create a new worksheet and lets view what existing Network Policies we have 
SHOW NETWORK POLICIES;
Step 2: Lets start by creating a Network Policy with an ALLOWED_IP_LIST 
CREATE NETWORK POLICY mypolicy2 ALLOWED_IP_LIST=('999.999.99.000','111.222.1.000');
Step 3: Now lets view your newly created Network Policy Run the below command to view your Network Policies and which IP addresses are currently assigned 
DESC NETWORK POLICY <your_policy_name>;

ALTER NETWORK POLICY MYPOLICY2 SET BLOCKED_IP_LIST=('22.222.11.111');
Lets run DESC on the Network Policy name to verify our changes 
DESC NETWORK POLICY <your_policy_name>;

Activating Your Network Policy

Once your Network Policy is created reach out to Elation Support Portal to setup additional permissions to allow you to activate your Network Policy When Elation Health has completed the steps required to activate your Network Policy run the below command to activate your Network Policy 
call database.schema_name.setNetworkPolicy('MYPOLICYNAMEEXAMPLE');
Verifying your Network Policy is active To view your newly created Network Policy run the below command 
SHOW PARAMETERS LIKE 'network_policy' IN ACCOUNT;
Or reach out to Elation Support Portal for a representative to verify your Network Policy has been activated.

Switching between active Network Policies

You can only have one active network policy at a time 
ALTER NETWORK POLICY MYPOLICY2 SET BLOCKED_IP_LIST=('22.222.11.111');
Lets run DESC on the Network Policy name to verify our changes 
DESC NETWORK POLICY <your_policy_name>;

Updating an Existing Network Policy

If you need to add additional IP addresses, remove IP addresses, or add in a new parameter you can use the ALTER statement. For example: Lets use the ALTER statement to add a list of blocked IP addresses to our newly created Network Policy 
ALTER NETWORK POLICY MYPOLICY2 SET BLOCKED_IP_LIST=('22.222.11.111');
Lets run DESC on the Network Policy name to verify our changes 
DESC NETWORK POLICY <your_policy_name>;

Removing a Network Policy

Run the below command to remove a Network Policy 
DROP NETWORK POLICY IF EXISTS mypolicy2;
You can then run the bellow command to verify if it has been removed 
SHOW NETWORK POLICIES;