Snowflake has introduced a game-changing feature: the TYPE property for the USER object. This long-awaited update allows us to easily classify human users and service accounts, eliminating the need for manual tagging.
Why Snowflake user type matters
Security is a top priority, and the ability to distinguish between user types helps enforce better authentication policies and governance. Instead of configuring tags manually, admins can now assign user types directly and tailor security measures accordingly.
Available Snowflake user types
The TYPE property accepts the following values:
- PERSON – For human users performing tasks like development, testing, and administration.
- SERVICE – For service accounts running scheduled jobs and automated processes.
- LEGACY_SERVICE – A transitional category for older service accounts.
- NULL – No type set; the user is treated as PERSON.
Key Features of SERVICE Users
Setting TYPE = SERVICE enforces important security restrictions:
- No password authentication
- No SAML SSO login
- No MFA enrollment
- No user profile details (e.g., name, password settings)
- Cannot reset passwords or disable MFA
How to Set a User Type
-- Set a user as a PERSON (default behavior)
ALTER USER john_doe SET TYPE = 'PERSON';
-- Set a user as a SERVICE account
ALTER USER service_adf SET TYPE = 'SERVICE';
-- Set a user as a LEGACY_SERVICE account
ALTER USER service_adf SET TYPE = 'LEGACY_SERVICE';
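
Before changing types in bulk, it helps to see how existing users are classified and which of them still hold a password. The following is an added example, not part of the original post. It assumes read access to the SNOWFLAKE.ACCOUNT_USAGE.USERS view and that the automated job can switch to key-pair authentication; the public key value is a placeholder.

```sql
-- Added example. Assumes read access to SNOWFLAKE.ACCOUNT_USAGE
-- (this view lags behind real time, so very recent changes may be missing).

-- 1. Inventory: how each active user is classified and which credentials it holds.
SELECT
    name,
    COALESCE(type, 'NULL (treated as PERSON)') AS user_type,
    has_password,
    has_rsa_public_key,
    last_success_login
FROM snowflake.account_usage.users
WHERE deleted_on IS NULL
ORDER BY user_type, name;

-- 2. Review queue: unclassified or LEGACY_SERVICE users that still hold a
--    password. Automation accounts in this list are candidates for SERVICE.
SELECT name, type, has_password, has_rsa_public_key, last_success_login
FROM snowflake.account_usage.users
WHERE deleted_on IS NULL
  AND (type IS NULL OR type = 'LEGACY_SERVICE')
  AND has_password
ORDER BY last_success_login DESC NULLS LAST;

-- 3. Convert one reviewed account (service_adf, the name used above).
--    Register the key first so the job keeps a working login method, then
--    remove the properties a SERVICE user is not allowed to carry.
ALTER USER service_adf SET RSA_PUBLIC_KEY = '<public-key-placeholder>';
ALTER USER service_adf UNSET PASSWORD;
ALTER USER service_adf UNSET FIRST_NAME, LAST_NAME;
ALTER USER service_adf SET TYPE = SERVICE;

-- 4. Confirm the result: check the type, has_password and
--    has_rsa_public_key columns in the output.
SHOW USERS LIKE 'service_adf';
```

Run step 3 only after the job has been tested with the new key, since password login is no longer available once the type is SERVICE.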