Option to disable or specify SECONDARY_ROLES (Avoid inheriting all permissions) #165
Description
Description of the issue
Currently, the Snowflake MCP server does not provide a way to handle SECONDARY_ROLES. In many modern Snowflake accounts, DEFAULT_SECONDARY_ROLES is set to 'ALL' by default for users.
When connecting via the MCP server, even if a specific --role is provided, the session automatically inherits permissions from all other roles assigned to the user. This makes it impossible to strictly sandbox the LLM's access to a specific subset of data using a dedicated "MCP_ROLE" without altering the entire user profile at the Snowflake level.
Current Behavior
- The MCP server connects.
- If the user has DEFAULT_SECONDARY_ROLES = 'ALL', the LLM "sees" every database and schema the human user has access to.
- Attempting to pass --secondary-roles NONE in the command line fails with unrecognized arguments.
Expected Behavior
I would like to be able to ensure that the MCP session is strictly restricted to the role specified in the configuration. Suggested implementations:
- Add a --secondary-roles argument to the CLI (accepting NONE or ALL).
- Or, ensure the Python connector explicitly sets secondary_roles="NONE" unless specified otherwise.
Use Case (Security & Governance)
I want to use my main Snowflake account for convenience but restrict the LLM to a specific LLM_READER_ROLE. This role has access only to non-sensitive data. Currently, because of secondary roles, the LLM can see my entire ERP/HR/Financial data because my human user has those privileges.
Workaround: create a dedicated user restricted to the specific role but with key-pair authentication each people using this MCP should have his own dedicated user which can be tedious in large teams. Do you have another good practice?