USER

Config path: /user.yaml

Example:

damian_edwards:
  password: "password"
  first_name: "Damian"
  last_name: "Edwards"
  email: "[email protected]"
  session_params:
    query_tag: "Queries from Damian"
    error_on_nondeterministic_merge: true
    statement_timeout_in_seconds: 900
  business_roles:
    - sakila_analyst
  comment: "Analyst with read access to Sakila data and full access to sandbox schema"
etl_script:
  rsa_public_key: >-
    MIIBIjANBgkqhkiG1a0BAQEFAAOCAQ8AMIIBCgKCAQEAx4INStnNQshPamlDe5te
    +sF/J3zbY9BCMgcl/B11NndFRuXZjKBAyVJyJdjm2XpHGyJZrpIf1kBVJbfxpNSi
    qN/VLMm1nsqtEnLJsvHWT4AyJ8GG1ahYY34ody9SjLTCisSRpjzh7ZLajbyNtwbH
    ukOCAhy1R7RzyEmuqz3rRmnx0MUb+1wdSYfMAnVwxT11otmClhXVe3Hj9hdNmljk
    pw2rezWlKyeywkDpvh00/tuIFdCJD2gWcb3rAUC3e9iR6RJ4o/LFIEBlyktUPOqF
    d4A3+Wp/pkTiYUh2GvjHTZrGViZXBPRjciP+6ktLMuXP4bW2DeS1xEYIUeYhxaNI
    IwIDAQAB
  business_roles:
    - etl_script

Schema

  • {key} (ident) - user name

  • {value} (dict)

    • login_name (str)

    • display_name (str)

    • first_name (str)

    • last_name (str)

    • email (str)

    • disabled (bool)

    • type (str) - user type for security: PERSON, SERVICE, LEGACY_SERVICE, etc.

    • password (str)

    • rsa_public_key (str)

    • rsa_public_key_2 (str)

    • default_warehouse (ident)

    • default_namespace (str)

    • session_params (dict)

      • {key} (ident) - session param name

      • {value} (bool, float, int, str) - session param value

    • business_roles (list)

      • {items} (ident) - names of business roles

    • comment (str)

Policy reference parameters

Usage notes

  1. password is stored as plain text, which can be encrypted with fernet;

  2. Changes in password will NOT be applied automatically due to lack of ability to compare current password with old password stored in Snowflake metadata. Please use --refresh-user-passwords argument to refresh passwords for all existing users, if necessary.

  3. rsa_public_key should be passed without public key delimiters.

  4. If default_warehouse is omitted, it will be derived automatically from first warehouse mentioned in business_roles -> warehouse_usage.

  5. default_role cannot be changed. SnowDDL automatically creates USER ROLE and sets it as default_role.

  6. default_secondary_roles are not supported on purpose. You should never need secondary roles with role hierarchy provided by SnowDDL.

  7. middle_name is not supported due to lack of this column in SHOW USERS output.

Last updated