BUSINESS ROLE
Config path:
/business_role.yaml
Example:
bookings_analyst:
schema_read:
- snowddl_db.bookings
warehouse_usage:
- bookings_analyst_wh
comment: "Business analyst working on data in Bookings schema"
sakila_analyst:
schema_read:
- snowddl_db.sakila
schema_owner:
- snowddl_db.sakila_sandbox
warehouse_usage:
- sakila_analyst_wh
comment: "Business analyst working on data in Sakila schema"
- {key} (ident) - business role name
- {value} (dict)
- schema_owner (list)
- {items} (ident) - grant OWNERSHIP privileges for objects in schemas
- schema_read (list)
- {items} (ident) - grant READ privileges for objects in schemas
- schema_write (list)
- {items} (ident) - grant WRITE privileges for objects in schemas
- warehouse_usage (list)
- {items} (ident) - grant USAGE privileges for warehouses
- warehouse_monitor (list)
- {items} (ident) - grant MONITOR privileges for warehouses
- tech_roles (list)
- {items} (ident) - grant TECH ROLES
- global_roles (list)
- {items} (ident) - grant external roles created outside of SnowDDL (e.g.
FIVETRAN_ROLE
)
- comment (str)
- 1.Schema names should be fully qualified (
<database>.<schema>
). - 2.Alternatively, it is possible to specify schema names as wildcards covering all schemas in specific database (
<database>.*
). It is helpful for databases with a large number of schemas, which require similar access patterns. - 3.Global roles are managed outside of SnowDDL and are applied without env prefix.
Last modified 1yr ago