Comment on page
SHARE (outbound)
Config path:
/outbound_share.yaml
Example:
test_share:
accounts:
- SFSALESSHARED.SFC_SAMPLES_AWS_EU_WEST_2
grants:
DATABASE:USAGE:
- test_db
SCHEMA:USAGE:
- test_db.test_schema
TABLE:SELECT:
- test_db.test_schema.*
FUNCTION:USAGE:
- test_db.test_schema.test_secure_udf(varchar)
comment: Test share
- {key} (ident) - share name
- {value} (dict)
- accounts (list)
- {items} (ident) - identifiers of consumer accounts:
<organization>.<account>
.
- grants (str)
- {key} (str) -
<object_type>:<privilege>
- {value} (list)
- {items} (ident) - full objects names or name patterns to grant privilege;
- share_restrictions (bool) - should be set to
false
in order to create SHARE from Business Critical account to accounts with lower edition; - comment (str)
- 1.Outbound shares are processed only if at least one share exists in config.
- 2.All changes to outbound shares are "unsafe" and should be reviewed carefully, since it may expose data from your account to 3rd parties.
- 3.Outbound shares require additional privileges for SnowDDL administration user:
IMPORT SHARE
,CREATE SHARE
. - 4.Parameter share_restrictions require additional privilege:
OVERRIDE SHARE RESTRICTIONS
. - 5.If share has more than 3 consumer accounts, it will be "altered" on every run on SnowDDL. It is caused by limitations of
SHOW SHARES
command, which can only return 3 accounts in columnto
. Currently there is no way to get full list of currently assigned consumer accounts. - 6.
- 7.
Last modified 1yr ago