SnowDDL
Search…
BUSINESS ROLE
Config path: /business_role.yaml
Example:
bookings_analyst:
schema_read:
- snowddl_db.bookings
warehouse_usage:
- bookings_analyst_wh
​
comment: "Business analyst working on data in Bookings schema"
​
​
sakila_analyst:
schema_read:
- snowddl_db.sakila
schema_owner:
- snowddl_db.sakila_sandbox
warehouse_usage:
- sakila_analyst_wh
​
comment: "Business analyst working on data in Sakila schema"

Schema

  • {key} (ident) - business role name
  • {value} (dict)
    • schema_owner (list)
      • {items} (ident) - grant OWNERSHIP privileges for objects in schemas
    • schema_read (list)
      • {items} (ident) - grant READ privileges for objects in schemas
    • schema_write (list)
      • {items} (ident) - grant WRITE privileges for objects in schemas
    • warehouse_usage (list)
      • {items} (ident) - grant USAGE privileges for warehouses
    • warehouse_monitor (list)
      • {items} (ident) - grant MONITOR privileges for warehouses
    • tech_roles (list)
      • {items} (ident) - grant TECH ROLES
    • global_roles (list)
      • {items} (ident) - grant external roles created outside of SnowDDL (e.g. FIVETRAN_ROLE)
    • comment (str)

Usage notes

  1. 1.
    Schema names should be fully qualified (<database>.<schema>).
  2. 2.
    Alternatively, it is possible to specify schema names as wildcards covering all schemas in specific database (<database>.*). It is helpful for databases with a large number of schemas, which require similar access patterns.
  3. 3.
    Global roles are managed outside of SnowDDL and are applied without env prefix.

Links

Copy link
On this page
Schema
Usage notes
Links