BUSINESS ROLE
Config path: /business_role.yaml
Example:
Schema
{key} (ident) - business role name
{value} (dict)
database_owner (list)
{items} (ident) - grant OWNERSHIP privileges for objects in database
database_write (list)
{items} (ident) - grant WRITE privileges for objects in database
database_read (list)
{items} (ident) - grant READ privileges for objects in database
schema_owner (list)
{items} (ident) - grant OWNERSHIP privileges for objects in schema
schema_read (list)
{items} (ident) - grant READ privileges for objects in schema
schema_write (list)
{items} (ident) - grant WRITE privileges for objects in schema
warehouse_usage (list)
{items} (ident) - grant USAGE privileges for warehouses
warehouse_monitor (list)
{items} (ident) - grant MONITOR privileges for warehouses
technical_roles (list)
{items} (ident) - grant TECHNICAL ROLES
global_roles (list)
{items} (ident) - grant external roles with custom permissions created outside of SnowDDL (e.g.
FIVETRAN_ROLE
)
comment (str)
Usage notes
Schema names should be fully qualified (
<database>.<schema>
).It is possible to specify database and schema names as wildcards (e.g.
<database>.*
). It is helpful for large number of objects with similar names sharing similar access patterns.Global roles are managed outside of SnowDDL and are applied without env prefix.
Links
Last updated