# TECHNICAL ROLE

Config path: `/technical_role.yaml`

Example:

```yaml
restricted_bookings:
  grants:
    DATABASE:USAGE:
      - snowddl_db
    SCHEMA:USAGE:
      - snowddl_db.bookings
    VIEW:SELECT:
      - snowddl_db.bookings.aircrafts
      - snowddl_db.bookings.airports
    FUNCTION:USAGE:
      - snowddl_db.bookings.lang(object)
  
  future_grants:
    TABLE:SELECT,REFERENCES:
      - snowddl_db.bookings
  
  account_grants:
    - MONITOR EXECUTION

  comment: "Access to some specific views and functions in Bookings schema"
```

## Schema

* *{key}* (ident) - tech role name
* *{value}* (dict)
  * **grants** (dict)
    * *{key}* (str) - `<object_type>:<privilege>`
    * *{value}* (list)
      * *{items}* (ident) - full objects names to grant privilege for existing objects
  * **future\_grants** (dict)
    * *{key}* (str) - `<object_type>:<privilege>`
    * *{value}* (list)
      * *{items}* (ident) - full objects names to grant privilege for existing and future objects
  * **account\_grants** (list)
    * {items} (str) - account-level privilege
  * **comment** (str)

## Usage notes

1. List of possible privileges is available in [Access Control documentation](https://docs.snowflake.com/en/user-guide/security-access-control-privileges.html).
2. Long object types should be specified with underscore (e.g. `EXTERNAL_TABLE`).
3. Object names for grants should be fully qualified:`<database>.<schema>.<name>`. Functions and procedures should also have data types in parenthesis: `<database>.<schema>.<name>(<arg1_dtype>,<arg2_dtype>)`.
4. Future grants should be specified as `<database>` for future grant on DATABASE, or as `<database>.<schema>` for future grant on SCHEMA.
5. It is possible to specify object names as wildcards (e.g. `<database>.*`). It is helpful for large number of objects with similar names sharing similar access patterns.
6. OWNERSHIP privilege is not allowed for TECHNICAL ROLES. It is controlled by [permission model instead](/basic/yaml-configs/permission-model.md).

## Links

* [CREATE ROLE](https://docs.snowflake.com/en/sql-reference/sql/create-role.html)
* [GRANT PRIVILEGE](https://docs.snowflake.com/en/sql-reference/sql/grant-privilege.html)
* [Parser & JSON Schema (GitHub)](https://github.com/littleK0i/SnowDDL/blob/master/snowddl/parser/tech_role.py)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.snowddl.com/basic/yaml-configs/technical-role.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.