# DATABASE ROLE

{% hint style="warning" %}
DATABASE\_ROLE is intended to be used for [outbound SHAREs](/basic/yaml-configs/share-outbound.md) only.

It is not a part of SnowDDL [role hierarchy](/guides/role-hierarchy.md) and should not be used to grant access outside of shares.
{% endhint %}

Config path: `/<database>/database_role.yaml`

Example:

```
test_database_role:
  grants:
    DATABASE:USAGE:
      - test_db
    SCHEMA:USAGE:
      - test_db.test_schema
    TABLE:SELECT:
      - test_db.test_schema.*
    FUNCTION:USAGE:
      - test_db.test_schema.test_secure_udf(varchar)

  comment: Test share role
```

## Schema

* *{key}* (ident) - database role name
* *{value}* (dict)
  * **grants** (str)
    * *{key}* (str) - `<object_type>:<privilege>`
    * *{value}* (list)
      * *{items}* (ident) - full objects names or name patterns to grant privilege;
  * **comment** (str)

## Usage notes

1. Data roles are processed only if at least one database role exists in config.
2. All limitations related to [`GRANT ... TO SHARE`](https://docs.snowflake.com/en/sql-reference/sql/grant-privilege-share.html) command applies to database role **grants**. Please read it carefully.
3. It is possible to use [Unix-style wildcard patterns](https://docs.python.org/3/library/fnmatch.html) for grant object names.
4. Grants created externally and matching Unix-style wildcard patterns **will not be dropped** if objects are not explicitly defined in config. It is an intentional workaround for lack of future grants on database roles used in shares.

## &#x20;Links

* [CREATE DATABASE ROLE](https://docs.snowflake.com/en/sql-reference/sql/create-database-role)
* [GRANT DATABASE ROLE](https://docs.snowflake.com/en/sql-reference/sql/grant-database-role)
* [Parser & JSON Schema (GitHub)](https://github.com/littleK0i/SnowDDL/blob/master/snowddl/parser/database_role.py)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.snowddl.com/basic/yaml-configs/database-role.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.