How Snowflake Cortex Code (CoCo) Works with RBAC: A Complete Security Guide

Towards AI

Introduction

When organizations adopt AI-powered tools inside their data platform, the first question from security teams is always: “What can it access?” Snowflake’s Cortex Code (CoCo) — the AI coding agent embedded in Snowsight and available as a CLI — is designed with a clear answer: it can only do what your role allows. CoCo is not a backdoor. It is a pass-through agent — every action it takes is bounded by the same Role-Based Access Control (RBAC) rules as if the user ran the SQL themselves. This article explains how CoCo and RBAC interact using a real-world enterprise scenario...