TECHNICAL ROLE
Config path: /technical_role.yaml
Example:
Schema
{key} (ident) - tech role name
{value} (dict)
grants (dict)
{key} (str) -
<object_type>:<privilege>
{value} (list)
{items} (ident) - full objects names to grant privilege for existing objects
future_grants (dict)
{key} (str) -
<object_type>:<privilege>
{value} (list)
{items} (ident) - full objects names to grant privilege for existing and future objects
account_grants (list)
{items} (str) - account-level privilege
comment (str)
Usage notes
Long object types should be specified with underscore (e.g.
EXTERNAL_TABLE
).Object names for grants should be fully qualified:
<database>.<schema>.<name>
. Functions and procedures should also have data types in parenthesis:<database>.<schema>.<name>(<arg1_dtype>,<arg2_dtype>)
.Future grants should be specified as
<database>
for future grant on DATABASE, or as<database>.<schema>
for future grant on SCHEMA.It is possible to specify object names as wildcards (e.g.
<database>.*
). It is helpful for large number of objects with similar names sharing similar access patterns.
Links
Last updated