TECH ROLE

Config path: /tech_role.yaml
Example:
restricted_bookings:
  grants:
    DATABASE:USAGE:
      - snowddl_db
    SCHEMA:USAGE:
      - snowddl_db.bookings
    VIEW:SELECT:
      - snowddl_db.bookings.aircrafts
      - snowddl_db.bookings.airports
    FUNCTION:USAGE:
      - snowddl_db.bookings.lang(object)
​
  comment: "Access to some specific views and functions in Bookings schema"
Schema
{key} (ident) - tech role name
{value} (dict)
grants (dict)
{key} (str) - <object_type>:<privilege>
{value} (list)
{items} (ident) - full objects names to grant privilege
comment (str)
Usage notes
1.List of possible privileges is available in Access Control documentation.
2.Long object types should be specified with underscore (e.g. EXTERNAL_TABLE).
3.Object names should be fully qualified:<database>.<schema>.<name>. Functions and procedures should also have data types in parenthesis: <database>.<schema>.<name>(<arg1_dtype>,<arg2_dtype>).
4.FUTURE GRANTS are not supported by TECH ROLES, since TECH ROLES are being created after most of other objects. FUTURE GRANTS are applied for SCHEMA ROLES instead and generated automatically.
5.OWNERSHIP privilege is not allowed for TECH ROLES. It is controlled by SCHEMA ROLES instead.
Links
​CREATE ROLE​
​GRANT PRIVILEGE​
​Parser & JSON Schema (GitHub)​
TASK
USER
Last modified 1yr ago