SnowDDL
  • 👋Introduction
  • 🚩Getting started
  • 📋Main features
  • 🪤SnowDDL vs. Declarative DCM
  • In-depth guides
    • 👓Object identifiers
    • 📐Data types
    • 📦Object types
    • 🎭Role hierarchy
    • 🚧Permission model
    • 🔦Other guides
      • Administration user
      • Integrations
      • Inbound shares
      • Object OWNERSHIP
      • Safe & unsafe DDL
      • Dependency management
      • Short hash explained
      • Env Prefix explained
      • Team workflow
      • Limitations & workarounds
      • Fivetran
      • Airbyte
      • Encrypt user passwords
      • Iceberg Tables
  • Basic usage (CLI + YAML)
    • 💻CLI interface
    • 📦YAML configs
      • ACCOUNT PARAMETER
      • ACCOUNT POLICY
      • AGGREGATION POLICY
      • ALERT
      • AUTHENTICATION POLICY
      • BUSINESS ROLE
      • DATABASE
      • DYNAMIC TABLE
      • EVENT TABLE
      • EXTERNAL ACCESS INTEGRATION
      • EXTERNAL FUNCTION
      • EXTERNAL TABLE
      • FILE FORMAT
      • FUNCTION
      • HYBRID TABLE
      • ICEBERG TABLE
      • MASKING POLICY
      • MATERIALIZED VIEW
      • NETWORK POLICY
      • NETWORK RULE
      • PERMISSION MODEL
      • PIPE
      • PLACEHOLDER
      • PROCEDURE
      • PROJECTION POLICY
      • RESOURCE MONITOR
      • ROW ACCESS POLICY
      • SCHEMA
      • SECRET
      • SEQUENCE
      • SHARE (outbound)
      • STAGE
      • STAGE FILE
      • STREAM
      • TABLE
      • TASK
      • TECHNICAL ROLE
      • USER
      • VIEW
      • WAREHOUSE
    • 🏷️YAML placeholders
    • 📬YAML tag !include
    • 🔐YAML tag !decrypt
  • Single DB
    • 🦀Overview
  • Advanced usage (Python)
    • ⚙️Programmatic config
    • 🐍Architecture overview
      • 🔵Blueprints
      • 🟣Config
      • 🟠Parsers
      • 🟢Resolvers
      • 🔴Engine
    • 🏗️Query builder & formatter
  • Breaking changes log
    • 0.45.0 - March 2025
    • 0.41.0 - January 2025
    • 0.37.0 - December 2024
    • 0.36.0 - November 2024
    • 0.33.0 - October 2024
    • 0.27.0 - May 2024
  • Links
    • GitHub repository
    • PyPI package
    • YouTube tutorials
    • Changelog
    • LinkedIn profile
Powered by GitBook
On this page
  • Schema
  • Usage notes
  • Links
  1. Basic usage (CLI + YAML)
  2. YAML configs

SCHEMA

PreviousROW ACCESS POLICYNextSECRET

Last updated 4 months ago

Config path: /<database>/<schema>/params.yaml

Example:

retention_time: 7
is_sandbox: true

owner_schema_read:
  - another_db.another_schema_1
  - another_db.another_schema_2

owner_warehouse_usage:
  - my_warehouse

owner_integration_usage:
  - my_storage_integration

owner_account_grants:
  - EXECUTE ALERT

Schema

  • is_transient (bool) - make schema TRANSIENT

  • retention_time (int) - data retention time in days

  • is_sandbox (bool) - custom objects created in sandbox schema will not be dropped if not present in config

  • permission_model (str) - name of custom

  • external_volume (ident) - name of EXTERNAL VOLUME used for

  • catalog (ident) - name of CATALOG used for

  • owner_database_read (list)

    • {items} (ident) - grant READ privileges for objects in a database to OWNER role of this schema

  • owner_database_write (list)

    • {items} (ident) - grant WRITE privileges for objects in a database to OWNER role of this schema

  • owner_schema_read (list)

    • {items} (ident) - grant READ privileges for objects in another schema to OWNER role of this schema

  • owner_schema_write (list)

    • {items} (ident) - grant WRITE privileges for objects in another schema to OWNER role of this schema

  • owner_share_read (list)

    • {items} (ident) - grant IMPORTED PRIVILEGES or DATABASE ROLE for inbound share to OWNER role of this schema

  • owner_integration_usage (list)

    • {items} (ident) - grant USAGE privilege on global integration to OWNER role of this schema

  • owner_warehouse_usage (list)

    • {items} (ident) - grant USAGE privilege on warehouse to OWNER role of this schema

  • owner_account_grants (list)

    • {items} (str) - grant account-level privilege to OWNER role of this schema

  • owner_global_roles (list)

    • {items} (ident) - grant external roles with custom permissions created outside of SnowDDL to OWNER role of this schema

  • comment (str)

Usage notes

  1. File params.yaml is optional. All parameters are set to default if file is omitted.

  3. Objects in database or schema marked with is_sandbox flag will not be dropped by SnowDDL if not defined in config.

  4. When defining custom permission_model, the ruleset of database permission_model and schema permission_model must be the same.

  5. owner_schema_read and owner_schema_write parameters are helpful when dealing with VIEWS and PROCEDURES, which require access to objects in another schemas. Usually only objects in the current schema are available to the OWNER role of this schema.

Links

is_transient and retention_time are inherited from object if omitted.

owner_integration_usage parameter helps to provide additional USAGE privileges on various externally defined objects to schema OWNER role, which helps to resolve various permission-related issues. For example, it is required in order for error notification integrations to work properly.

📦
permission model
Iceberg tables
Iceberg tables
DATABASE
integration
CREATE SCHEMA
ALTER SCHEMA
SHOW SCHEMAS
Parser & JSON Schema (GitHub)