# TECHNICAL ROLE Config path: `/technical_role.yaml` Example: ```yaml restricted_bookings: grants: DATABASE:USAGE: - snowddl_db SCHEMA:USAGE: - snowddl_db.bookings VIEW:SELECT: - snowddl_db.bookings.aircrafts - snowddl_db.bookings.airports FUNCTION:USAGE: - snowddl_db.bookings.lang(object) future_grants: TABLE:SELECT,REFERENCES: - snowddl_db.bookings account_grants: - MONITOR EXECUTION comment: "Access to some specific views and functions in Bookings schema" ``` ## Schema * *{key}* (ident) - tech role name * *{value}* (dict) * **grants** (dict) * *{key}* (str) - `:` * *{value}* (list) * *{items}* (ident) - full objects names to grant privilege for existing objects * **future\_grants** (dict) * *{key}* (str) - `:` * *{value}* (list) * *{items}* (ident) - full objects names to grant privilege for existing and future objects * **account\_grants** (list) * {items} (str) - account-level privilege * **comment** (str) ## Usage notes 1. List of possible privileges is available in [Access Control documentation](https://docs.snowflake.com/en/user-guide/security-access-control-privileges.html). 2. Long object types should be specified with underscore (e.g. `EXTERNAL_TABLE`). 3. Object names for grants should be fully qualified:`..`. Functions and procedures should also have data types in parenthesis: `..(,)`. 4. Future grants should be specified as `` for future grant on DATABASE, or as `.` for future grant on SCHEMA. 5. It is possible to specify object names as wildcards (e.g. `.*`). It is helpful for large number of objects with similar names sharing similar access patterns. 6. OWNERSHIP privilege is not allowed for TECHNICAL ROLES. It is controlled by [permission model instead](https://docs.snowddl.com/basic/yaml-configs/permission-model). ## Links * [CREATE ROLE](https://docs.snowflake.com/en/sql-reference/sql/create-role.html) * [GRANT PRIVILEGE](https://docs.snowflake.com/en/sql-reference/sql/grant-privilege.html) * [Parser & JSON Schema (GitHub)](https://github.com/littleK0i/SnowDDL/blob/master/snowddl/parser/tech_role.py)