Programs run on behalf of a user gain access to all of the user's resources by virtue of a system-wide UserID |
Untrusted programs inherit access to all of a user's resources. |
Snowflake users control resource sharing, and can elect to export only selected resources to the untrusted program. |