Description of the issue
Currently, the Snowflake MCP server does not provide a way to handle SECONDARY_ROLES. In many modern Snowflake accounts, DEFAULT_SECONDARY_ROLES is set to 'ALL' by default for users.
When connecting via the MCP server, even if a specific --role is provided, the session automatically inherits permissions from all other roles assigned to the user. This makes it impossible to strictly sandbox the LLM's access to a specific subset of data using a dedicated "MCP_ROLE" without altering the entire user profile at the Snowflake level.
Current Behavior
- The MCP server connects.
- If the user has DEFAULT_SECONDARY_ROLES = 'ALL', the LLM "sees" every database and schema the human user has access to.
- Attempting to pass --secondary-roles NONE in the command line fails with unrecognized arguments.
Expected Behavior
I would like to be able to ensure that the MCP session is strictly restricted to the role specified in the configuration. Suggested implementations:
- Add a --secondary-roles argument to the CLI (accepting NONE or ALL).
- Or, ensure the Python connector explicitly sets secondary_roles="NONE" unless specified otherwise.
Use Case (Security & Governance)
I want to use my main Snowflake account for convenience but restrict the LLM to a specific LLM_READER_ROLE. This role has access only to non-sensitive data. Currently, because of secondary roles, the LLM can see my entire ERP/HR/Financial data because my human user has those privileges.
Workaround: create a dedicated user restricted to the specific role, but with key-pair authentication each person using this MCP should have their own dedicated user, which can be tedious in large teams. Do you have another good practice?
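One way a client could enforce the restriction requested above right after connecting, as an added example that is not part of the original issue or the MCP server's code: run `USE SECONDARY ROLES NONE` on the session, then read back `CURRENT_ROLE()` and `CURRENT_SECONDARY_ROLES()` and refuse to continue if anything beyond the primary role is still active. `lock_to_primary_role`, `SecondaryRolesActive` and `FakeCursor` are hypothetical names, and the fake cursor is a constructed stand-in so the check runs offline.

```python
import json


class SecondaryRolesActive(RuntimeError):
    """The session still carries privileges beyond the primary role."""


def lock_to_primary_role(cursor, expected_role):
    """Drop secondary roles for this session, then verify the result."""
    cursor.execute("USE SECONDARY ROLES NONE")
    cursor.execute("SELECT CURRENT_ROLE(), CURRENT_SECONDARY_ROLES()")
    role, raw = cursor.fetchone()
    # Assumed result shape: a JSON string such as
    # {"roles":"HR_ADMIN,FINANCE","value":"ALL"}; both fields empty when none.
    info = json.loads(raw) if raw else {}
    active = [r for r in info.get("roles", "").split(",") if r]
    if role != expected_role:
        raise SecondaryRolesActive(f"primary role is {role}, expected {expected_role}")
    if active or info.get("value"):
        raise SecondaryRolesActive(f"secondary roles still active: {active}")
    return role


class FakeCursor:
    """Constructed stand-in for a DB-API cursor so the example runs offline."""

    def __init__(self, role, secondary, honors_use=True):
        self.role, self.secondary, self.honors_use = role, list(secondary), honors_use

    def execute(self, sql):
        if sql.upper().startswith("USE SECONDARY ROLES NONE") and self.honors_use:
            self.secondary = []
        return self

    def fetchone(self):
        roles = ",".join(self.secondary)
        value = "ALL" if self.secondary else ""
        return (self.role, json.dumps({"roles": roles, "value": value}))


if __name__ == "__main__":
    # Constructed session: the user has DEFAULT_SECONDARY_ROLES = ('ALL').
    cur = FakeCursor("LLM_READER_ROLE", ["HR_ADMIN", "FINANCE"])
    print(lock_to_primary_role(cur, "LLM_READER_ROLE"))
```

Failing closed matters here: if the verification query shows any secondary role, the session should be discarded before any LLM-issued query runs on it.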