TECH ROLE

Config path: /tech_role.yaml

Example:

restricted_bookings:
  grants:
    DATABASE:USAGE:
      - snowddl_db
    SCHEMA:USAGE:
      - snowddl_db.bookings
    VIEW:SELECT:
      - snowddl_db.bookings.aircrafts
      - snowddl_db.bookings.airports
    FUNCTION:USAGE:
      - snowddl_db.bookings.lang(object)

  comment: "Access to some specific views and functions in Bookings schema"

Schema

  • {key} (ident) - tech role name

  • {value} (dict)

    • grants (dict)

      • {key} (str) - <object_type>:<privilege>

      • {value} (list)

        • {items} (ident) - full objects names to grant privilege

    • comment (str)

Usage notes

  1. List of possible privileges is available in Access Control documentation.

  2. Long object types should be specified with underscore (e.g. EXTERNAL_TABLE).

  3. Object names should be fully qualified:<database>.<schema>.<name>. Functions and procedures should also have data types in parenthesis: <database>.<schema>.<name>(<arg1_dtype>,<arg2_dtype>).

  4. FUTURE GRANTS are not supported by TECH ROLES, since TECH ROLES are being created after most of other objects. FUTURE GRANTS are applied for SCHEMA ROLES instead and generated automatically.

  5. OWNERSHIP privilege is not allowed for TECH ROLES. It is controlled by SCHEMA ROLES instead.

Last updated