SCHEMA

Config path: /<database>/<schema>/params.yaml

Example:

retention_time: 7
is_sandbox: true

owner_schema_read:
  - another_db.another_schema_1
  - another_db.another_schema_2

owner_warehouse_usage:
  - my_warehouse

owner_integration_usage:
  - my_storage_integration

owner_account_grants:
  - EXECUTE ALERT

Schema

is_transient (bool) - make schema TRANSIENT
retention_time (int) - data retention time in days
is_sandbox (bool) - custom objects created in sandbox schema will not be dropped if not present in config
permission_model (str) - name of custom permission model
external_volume (ident) - name of EXTERNAL VOLUME used for Iceberg tables
catalog (ident) - name of CATALOG used for Iceberg tables
owner_database_read (list)
- {items} (ident) - grant READ privileges for objects in a database to OWNER role of this schema
owner_database_write (list)
- {items} (ident) - grant WRITE privileges for objects in a database to OWNER role of this schema
owner_schema_read (list)
- {items} (ident) - grant READ privileges for objects in another schema to OWNER role of this schema
owner_schema_write (list)
- {items} (ident) - grant WRITE privileges for objects in another schema to OWNER role of this schema
owner_share_read (list)
- {items} (ident) - grant IMPORTED PRIVILEGES or DATABASE ROLE for inbound share to OWNER role of this schema
owner_integration_usage (list)
- {items} (ident) - grant USAGE privilege on global integration to OWNER role of this schema
owner_warehouse_usage (list)
- {items} (ident) - grant USAGE privilege on warehouse to OWNER role of this schema
owner_account_grants (list)
- {items} (str) - grant account-level privilege to OWNER role of this schema
owner_global_roles (list)
- {items} (ident) - grant external roles with custom permissions created outside of SnowDDL to OWNER role of this schema
comment (str)

Usage notes

File params.yaml is optional. All parameters are set to default if file is omitted.
is_transient and retention_time are inherited from DATABASE object if omitted.
Objects in database or schema marked with is_sandbox flag will not be dropped by SnowDDL if not defined in config.
When defining custom permission_model, the ruleset of database permission_model and schema permission_model must be the same.
owner_schema_read and owner_schema_write parameters are helpful when dealing with VIEWS and PROCEDURES, which require access to objects in another schemas. Usually only objects in the current schema are available to the OWNER role of this schema.
owner_integration_usage parameter helps to provide additional USAGE privileges on various externally defined integration objects to schema OWNER role, which helps to resolve various permission-related issues. For example, it is required in order for error notification integrations to work properly.

Links

PreviousROW ACCESS POLICY NextSECRET

Last updated 3 months ago

retention_time: 7 is_sandbox: true owner_schema_read: - another_db.another_schema_1 - another_db.another_schema_2 owner_warehouse_usage: - my_warehouse owner_integration_usage: - my_storage_integration owner_account_grants: - EXECUTE ALERT

Schema

is_transient (bool) - make schema TRANSIENT

retention_time (int) - data retention time in days

is_sandbox (bool) - custom objects created in sandbox schema will not be dropped if not present in config

permission_model (str) - name of custom permission model

external_volume (ident) - name of EXTERNAL VOLUME used for Iceberg tables

catalog (ident) - name of CATALOG used for Iceberg tables

owner_database_read (list)

{items} (ident) - grant READ privileges for objects in a database to OWNER role of this schema

owner_database_write (list)

{items} (ident) - grant WRITE privileges for objects in a database to OWNER role of this schema

owner_schema_read (list)

{items} (ident) - grant READ privileges for objects in another schema to OWNER role of this schema

owner_schema_write (list)

{items} (ident) - grant WRITE privileges for objects in another schema to OWNER role of this schema

owner_share_read (list)

{items} (ident) - grant IMPORTED PRIVILEGES or DATABASE ROLE for inbound share to OWNER role of this schema

owner_integration_usage (list)

{items} (ident) - grant USAGE privilege on global integration to OWNER role of this schema

owner_warehouse_usage (list)

{items} (ident) - grant USAGE privilege on warehouse to OWNER role of this schema

owner_account_grants (list)

{items} (str) - grant account-level privilege to OWNER role of this schema

owner_global_roles (list)

{items} (ident) - grant external roles with custom permissions created outside of SnowDDL to OWNER role of this schema

comment (str)

Usage notes

File params.yaml is optional. All parameters are set to default if file is omitted.

is_transient and retention_time are inherited from DATABASE object if omitted.

Objects in database or schema marked with is_sandbox flag will not be dropped by SnowDDL if not defined in config.

When defining custom permission_model, the ruleset of database permission_model and schema permission_model must be the same.

owner_schema_read and owner_schema_write parameters are helpful when dealing with VIEWS and PROCEDURES, which require access to objects in another schemas. Usually only objects in the current schema are available to the OWNER role of this schema.

owner_integration_usage parameter helps to provide additional USAGE privileges on various externally defined integration objects to schema OWNER role, which helps to resolve various permission-related issues. For example, it is required in order for error notification integrations to work properly.