SnowDDL
Search
K

BUSINESS ROLE

Config path: /business_role.yaml
Example:
bookings_analyst:
schema_read:
- snowddl_db.bookings
warehouse_usage:
- bookings_analyst_wh
comment: "Business analyst working on data in Bookings schema"
sakila_analyst:
schema_read:
- snowddl_db.sakila
schema_owner:
- snowddl_db.sakila_sandbox
warehouse_usage:
- sakila_analyst_wh
comment: "Business analyst working on data in Sakila schema"

Schema

  • {key} (ident) - business role name
  • {value} (dict)
    • schema_owner (list)
      • {items} (ident) - grant OWNERSHIP privileges for objects in schemas
    • schema_read (list)
      • {items} (ident) - grant READ privileges for objects in schemas
    • schema_write (list)
      • {items} (ident) - grant WRITE privileges for objects in schemas
    • warehouse_usage (list)
      • {items} (ident) - grant USAGE privileges for warehouses
    • warehouse_monitor (list)
      • {items} (ident) - grant MONITOR privileges for warehouses
    • tech_roles (list)
      • {items} (ident) - grant TECH ROLES
    • global_roles (list)
      • {items} (ident) - grant external roles created outside of SnowDDL (e.g. FIVETRAN_ROLE)
    • comment (str)

Usage notes

  1. 1.
    Schema names should be fully qualified (<database>.<schema>).
  2. 2.
    Alternatively, it is possible to specify schema names as wildcards covering all schemas in specific database (<database>.*). It is helpful for databases with a large number of schemas, which require similar access patterns.
  3. 3.
    Global roles are managed outside of SnowDDL and are applied without env prefix.
Last modified 1yr ago