# BUSINESS ROLE

Config path: `/business_role.yaml`

Example:

```yaml
bookings_analyst:
  schema_read:
    - snowddl_db.bookings
  warehouse_usage:
    - bookings_analyst_wh

  comment: "Business analyst working on data in Bookings schema"


sakila_analyst:
  schema_read:
    - snowddl_db.sakila
  schema_owner:
    - snowddl_db.sakila_sandbox
  warehouse_usage:
    - sakila_analyst_wh

  comment: "Business analyst working on data in Sakila schema"
```

## Schema

* *{key} (ident)* - business role name
* *{value}* (dict)
  * **database\_owner** (list)
    * *{items}* (ident) - grant OWNERSHIP privileges for objects in database
  * **database\_write** (list)
    * *{items}* (ident) - grant WRITE privileges for objects in database
  * **database\_read** (list)
    * *{items}* (ident) - grant READ privileges for objects in database
  * **schema\_owner** (list)
    * *{items}* (ident) - grant OWNERSHIP privileges for objects in schema
  * **schema\_write** (list)
    * *{items}* (ident) - grant WRITE privileges for objects in schema
  * **schema\_read** (list)
    * *{items}* (ident) - grant READ privileges for objects in schema
  * **share\_read** (list)
    * *{items}* (ident) - grant IMPORTED PRIVILEGES or DATABASE ROLE for inbound share
  * **warehouse\_usage** (list)
    * *{items}* (ident) - grant USAGE privileges for warehouses
  * **warehouse\_monitor** (list)
    * *{items}* (ident) - grant MONITOR privileges for warehouses
  * **application\_roles** (list)
    * *{items}* (ident) - grant APPLICATION ROLES
  * **technical\_roles** (list)
    * *{items}* (ident) - grant TECHNICAL ROLES
  * **global\_roles** (list)
    * *{items}* (ident) - grant external roles with custom permissions created outside of SnowDDL (e.g. `FIVETRAN_ROLE`)
  * **comment** (str)

## Usage notes

1. Schema names should be fully qualified (`<database>.<schema>`).
2. It is possible to specify database and schema names as wildcards (e.g. `<database>.*`). It is helpful for large number of objects with similar names sharing similar access patterns.
3. Global roles are managed outside of SnowDDL and are applied without env prefix.
4. You may grant database roles of inbound shares using **share\_read** parameter. For example: `SNOWFLAKE.OBJECT_VIEWER`.

## Links

* [CREATE ROLE](https://docs.snowflake.com/en/sql-reference/sql/create-role.html)
* [GRANT PRIVILEGE](https://docs.snowflake.com/en/sql-reference/sql/grant-privilege.html)
* [Parser & JSON Schema (GitHub)](https://github.com/littleK0i/SnowDDL/blob/master/snowddl/parser/business_role.py)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.snowddl.com/basic/yaml-configs/business-role.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.