SnowDDL
Search…
TECH ROLE
Config path: /tech_role.yaml
Example:
restricted_bookings:
grants:
DATABASE:USAGE:
- snowddl_db
SCHEMA:USAGE:
- snowddl_db.bookings
VIEW:SELECT:
- snowddl_db.bookings.aircrafts
- snowddl_db.bookings.airports
FUNCTION:USAGE:
- snowddl_db.bookings.lang(object)
​
comment: "Access to some specific views and functions in Bookings schema"

Schema

  • {key} (ident) - tech role name
  • {value} (dict)
    • grants (dict)
      • {key} (str) - <object_type>:<privilege>
      • {value} (list)
        • {items} (ident) - full objects names to grant privilege
    • comment (str)

Usage notes

  1. 1.
    List of possible privileges is available in Access Control documentation.
  2. 2.
    Long object types should be specified with underscore (e.g. EXTERNAL_TABLE).
  3. 3.
    Object names should be fully qualified:<database>.<schema>.<name>. Functions and procedures should also have data types in parenthesis: <database>.<schema>.<name>(<arg1_dtype>,<arg2_dtype>).
  4. 4.
    FUTURE GRANTS are not supported by TECH ROLES, since TECH ROLES are being created after most of other objects. FUTURE GRANTS are applied for SCHEMA ROLES instead and generated automatically.
  5. 5.
    OWNERSHIP privilege is not allowed for TECH ROLES. It is controlled by SCHEMA ROLES instead.

Links

Last modified 7mo ago
Copy link
On this page
Schema
Usage notes
Links