SnowDDL
Search…
SnowDDL
πŸ‘‹
Introduction
🚩
Getting started
πŸ“‹
Main features
In-depth guides
πŸ‘“
Object identifiers
πŸ“
Data types
πŸ“¦
Object types
🎭
Role hierarchy
πŸ”¦
Other
Basic usage (CLI + YAML)
πŸ’»
CLI interface
πŸ“¦
YAML configs
ACCOUNT PARAMETER
BUSINESS ROLE
DATABASE
EXTERNAL FUNCTION
EXTERNAL TABLE
FILE FORMAT
FUNCTION
MASKING POLICY
MATERIALIZED VIEW
NETWORK POLICY
PIPE
PLACEHOLDER
PROCEDURE
RESOURCE MONITOR
ROW ACCESS POLICY
SCHEMA
SEQUENCE
SHARE (outbound)
STAGE
STAGE FILE
STREAM
TABLE
TASK
TECH ROLE
USER
VIEW
WAREHOUSE
🏷
YAML placeholders
Single DB
πŸ¦€
Overview
Advanced usage (Python)
🐍
Architecture overview
πŸ—
Query builder & formatter
GitHub repository
YouTube tutorials
Changelog
PyPI package
LinkedIn profile
Powered By GitBook
USER
Config path: /user.yaml
Example:
damian_edwards:
password: "password"
first_name: "Damian"
last_name: "Edwards"
email: "[email protected]"
session_params:
query_tag: "Queries from Damian"
error_on_nondeterministic_merge: true
statement_timeout_in_seconds: 900
business_roles:
- sakila_analyst
comment: "Analyst with read access to Sakila data and full access to sandbox schema"
etl_script:
rsa_public_key: >-
MIIBIjANBgkqhkiG1a0BAQEFAAOCAQ8AMIIBCgKCAQEAx4INStnNQshPamlDe5te
+sF/J3zbY9BCMgcl/B11NndFRuXZjKBAyVJyJdjm2XpHGyJZrpIf1kBVJbfxpNSi
qN/VLMm1nsqtEnLJsvHWT4AyJ8GG1ahYY34ody9SjLTCisSRpjzh7ZLajbyNtwbH
ukOCAhy1R7RzyEmuqz3rRmnx0MUb+1wdSYfMAnVwxT11otmClhXVe3Hj9hdNmljk
pw2rezWlKyeywkDpvh00/tuIFdCJD2gWcb3rAUC3e9iR6RJ4o/LFIEBlyktUPOqF
d4A3+Wp/pkTiYUh2GvjHTZrGViZXBPRjciP+6ktLMuXP4bW2DeS1xEYIUeYhxaNI
IwIDAQAB
business_roles:
- etl_script

Schema

  • {key} (ident) - user name
  • {value} (dict)
    • login_name (str)
    • display_name (str)
    • first_name (str)
    • last_name (str)
    • email (str)
    • disabled (bool)
    • password (str)
    • rsa_public_key (str)
    • rsa_public_key_2 (str)
    • default_warehouse (ident)
    • default_namespace (str)
    • session_params (dict)
      • {key} (ident) - session param name
      • {value} (bool, float, int, str) - session param value
    • business_roles (list)
      • {items} (ident) - names of business roles
    • comment (str)

Usage notes

  1. 1.
    password is currently stored as plain text.
  2. 2.
    Changes in password will NOT be applied automatically due to lack of ability to compare current password with old password stored in Snowflake metadata. Please use --refresh-user-passwords argument to refresh passwords for all existing users if necessary.
  3. 3.
    rsa_public_key should be passed without public key delimiters.
  4. 4.
    If default_warehouse is omitted, it will be derived automatically from first available warehouse mentioned in business_roles -> warehouse_usage.
  5. 5.
    default_role cannot be changed. SnowDDL automatically creates USER ROLE for each user and grants BUSINESS ROLES to USER ROLE instead.
  6. 6.
    default_secondary_roles are not supported on purpose. You should never need secondary roles with role hierarchy provided by SnowDDL.
  7. 7.
    middle_name is not supported due to lack of this column in SHOW USERS output, and also due to ambiguity of this column for users outside of US.
  8. 8.
    network_policy can be specified in session_params.

Links

Previous
TECH ROLE
Next
VIEW
Last modified 3mo ago
Copy link
On this page
Schema
Usage notes
Links