USER
Config path:
/user.yaml
Example:
damian_edwards:
password: "password"
first_name: "Damian"
last_name: "Edwards"
email: "[email protected]"
session_params:
query_tag: "Queries from Damian"
error_on_nondeterministic_merge: true
statement_timeout_in_seconds: 900
business_roles:
- sakila_analyst
comment: "Analyst with read access to Sakila data and full access to sandbox schema"
etl_script:
rsa_public_key: >-
MIIBIjANBgkqhkiG1a0BAQEFAAOCAQ8AMIIBCgKCAQEAx4INStnNQshPamlDe5te
+sF/J3zbY9BCMgcl/B11NndFRuXZjKBAyVJyJdjm2XpHGyJZrpIf1kBVJbfxpNSi
qN/VLMm1nsqtEnLJsvHWT4AyJ8GG1ahYY34ody9SjLTCisSRpjzh7ZLajbyNtwbH
ukOCAhy1R7RzyEmuqz3rRmnx0MUb+1wdSYfMAnVwxT11otmClhXVe3Hj9hdNmljk
pw2rezWlKyeywkDpvh00/tuIFdCJD2gWcb3rAUC3e9iR6RJ4o/LFIEBlyktUPOqF
d4A3+Wp/pkTiYUh2GvjHTZrGViZXBPRjciP+6ktLMuXP4bW2DeS1xEYIUeYhxaNI
IwIDAQAB
business_roles:
- etl_script
- {key} (ident) - user name
- {value} (dict)
- login_name (str)
- display_name (str)
- first_name (str)
- last_name (str)
- email (str)
- disabled (bool)
- password (str)
- rsa_public_key (str)
- rsa_public_key_2 (str)
- default_warehouse (ident)
- default_namespace (str)
- session_params (dict)
- {key} (ident) - session param name
- {value} (bool, float, int, str) - session param value
- business_roles (list)
- {items} (ident) - names of business roles
- comment (str)
- 1.
password
is currently stored as plain text. - 2.Changes in
password
will NOT be applied automatically due to lack of ability to compare current password with old password stored in Snowflake metadata. Please use--refresh-user-passwords
argument to refresh passwords for all existing users if necessary. - 3.
- 4.If
default_warehouse
is omitted, it will be derived automatically from first available warehouse mentioned inbusiness_roles -> warehouse_usage
. - 5.
default_role
cannot be changed. SnowDDL automatically creates USER ROLE for each user and grants BUSINESS ROLES to USER ROLE instead. - 6.
default_secondary_roles
are not supported on purpose. You should never need secondary roles with role hierarchy provided by SnowDDL. - 7.
middle_name
is not supported due to lack of this column inSHOW USERS
output, and also due to ambiguity of this column for users outside of US. - 8.
network_policy
can be specified insession_params
.
Last modified 1yr ago