Snowflake-Labs / terraform-provider-snowflake

Terraform provider for managing Snowflake accounts
https://registry.terraform.io/providers/Snowflake-Labs/snowflake/latest
MIT License

Sharing is not allowed from an account on BUSINESS CRITICAL edition to an account on a lower edition. #630

Open BoAustin opened 3 years ago

BoAustin commented 3 years ago

When creating a share resource, for example:

resource "snowflake_share" "share" {
  name     = "share"
  accounts = ["ABC12345"]
}

This will end up issuing the following statement:

ALTER SHARE "SHARE" SET ACCOUNTS=ABC12345;

If the account running the command is on BUSINESS CRITICAL edition and ABC12345 is on a lower edition, you'll get the following error:

SQL execution error: Sharing is not allowed from an account on BUSINESS CRITICAL edition to an account on a lower edition. The following account(s) are on editions lower than BUSINESS CRITICAL: ABC12345. You can override this check for this share by using the OVERRIDE SHARE RESTRICTIONS privilege and the SHARE_RESTRICTIONS flag. Before overriding this check, confirm that the target account has appropriate security controls and is compliant for the data being shared. For example, editions lower than BUSINESS CRITICAL are not PCI-DSS certified.

Here's Snowflake's documentation for reference.

The solution is to issue this statement as ACCOUNTADMIN (or with a role that has been granted the OVERRIDE SHARE RESTRICTIONS privilege):

ALTER SHARE "SHARE" SET ACCOUNTS=ABC12345 SHARE_RESTRICTIONS=FALSE;

Ideally we would be able to specify the resource like so:

resource "snowflake_share" "share" {
  name               = "share"
  accounts           = ["ABC12345"]
  share_restrictions = false
}

or perhaps, to support a mix of account types while still keeping the restriction for some:

resource "snowflake_share" "share" {
  name = "share"
  accounts = [
    {
      locator            = "ABC12345"
      share_restrictions = false
    }
  ]
}
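As an added example (not the provider's code), here is how the per-account flag proposed above could be turned into statements in Go, the provider's language. `ShareAccount`, `BuildShareStatements`, the locator allow-list regex and the use of the documented `ALTER SHARE ... ADD ACCOUNTS` form for the opted-out accounts are assumptions; when every account opts out, the emitted statement is exactly the workaround from the issue.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)
// ShareAccount is the hypothetical per-account shape proposed in the issue; the
// zero value keeps Snowflake's edition check, so nothing is overridden by accident.
type ShareAccount struct {
	Locator              string
	OverrideRestrictions bool
}

// locatorRe is a constructed allow-list for locators / org.account names, so an
// account value cannot carry extra SQL into the interpolated statement.
var locatorRe = regexp.MustCompile(`^[A-Za-z0-9_]+(\.[A-Za-z0-9_]+)?$`)

// quoteIdent renders a Snowflake double-quoted identifier, doubling embedded quotes.
func quoteIdent(name string) string {
	return `"` + strings.ReplaceAll(name, `"`, `""`) + `"`
}

// alterShare formats one ALTER SHARE statement; verb is SET or ADD (both accept
// SHARE_RESTRICTIONS in Snowflake's documented ALTER SHARE syntax).
func alterShare(share, verb string, accounts []string, override bool) string {
	s := fmt.Sprintf("ALTER SHARE %s %s ACCOUNTS=%s", quoteIdent(share), verb, strings.Join(accounts, ","))
	if override {
		s += " SHARE_RESTRICTIONS=FALSE" // needs the OVERRIDE SHARE RESTRICTIONS privilege
	}
	return s + ";"
}

// BuildShareStatements splits the accounts so SHARE_RESTRICTIONS=FALSE is applied
// only to those that explicitly opted out, never to the whole share at once.
func BuildShareStatements(share string, accounts []ShareAccount) ([]string, error) {
	byOverride := map[bool][]string{}
	for _, a := range accounts {
		if !locatorRe.MatchString(a.Locator) {
			return nil, fmt.Errorf("invalid account locator %q", a.Locator)
		}
		byOverride[a.OverrideRestrictions] = append(byOverride[a.OverrideRestrictions], a.Locator)
	}
	keep, override := byOverride[false], byOverride[true]
	var stmts []string
	if len(keep) > 0 {
		stmts = append(stmts, alterShare(share, "SET", keep, false))
	}
	if len(override) > 0 { // ADD after a SET keeps the restricted list; alone it is the issue's workaround
		verb := map[bool]string{true: "SET", false: "ADD"}[len(keep) == 0]
		stmts = append(stmts, alterShare(share, verb, override, true))
	}
	return stmts, nil
}
```

Keeping the override in its own statement also leaves a distinct entry in query history for the accounts that bypassed the edition check.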

foresterr commented 4 months ago

It is rather irritating that this has to be bypassed via a provisioner or managed outside of Terraform entirely. We run only Business Critical accounts in my company, for non-HIPAA-related reasons, and sharing between them is a pain (as they are not HIPAA compliant and won't be, it does not matter that they are all Business Critical).