A cloud data warehouse (also referred to as a “network-based data warehouse” or simply as a “data warehouse”) is a network-based system used for data analysis and reporting that comprises a central repository of integrated data from one or more disparate sources. A cloud data warehouse can store current and historical data that can be used for creating analytical reports for an enterprise. To this end, data warehouses typically provide business intelligence tools, tools to extract, transform, and load data into the repository, and tools to manage and retrieve metadata.
External stages are components within a cloud data warehouse that facilitate integrations between a cloud data warehouse system and a customer-managed storage location (referred to herein as “storage integrations”). In general, external stages are used to load data from and unload data to customer-managed storage locations. In conventional implementations, external stages must be provided with secret security credentials to read data from and write data to these storage locations. However, exchanging the secret security credentials creates vulnerabilities that may expose those credentials, which in turn may lead to unauthorized access to data. Additionally, in conventional implementations, cloud data warehouse account administrators have limited ability to prohibit members of an organization from creating external stages, and an external stage could potentially be used to exfiltrate confidential data to a personal location. Further, storage owners do not have fine-grained control over access permissions for the storage locations. Conventional external stages are also limited to a single file path and cannot be used with another file path, even if the credentials used to create the external stage are applicable to that other file path.