0.27.0 - May 2024
This update introduces significant changes to SnowDDL permission model.
Potentially breaking changes
OWNERSHIPonALERT,DYNAMIC_TABLE,EVENT_TABLE,STAGEare now granted to corresponding schema owner role. PreviouslyOWNERSHIPfor these objects types was assigned to SnowDDL admin role.New parameters were added for
SCHEMAobject type to support additional types of grants.
Config migration guide
For schemas with
ALERTandDYNAMIC_TABLEobjects, use new parameterowner_warehouse_usageto specify warehouses which can be used by schema owner role.For schemas with
ALERTandSTAGEobject types, use existing parameterowner_integration_usageto specify names of global integrations which can be used by schema owner role.For schemas with
ALERTobject type, add value- EXECUTE ALERTto new parameterowner_account_grantsto allow execution of alerts in schema.For schemas with
TASKobject type, add value- EXECUTE TASKto new parameterowner_account_grantsto allow execution of task in schema.For schemas with
ALERT,DYNAMIC_TABLE,PROCEDUREaccessing data in other schemas, make sure to use existing parameterowner_schema_readto specify these schemas.
Code migration guide
If you use programmatic config, which creates
DatabaseBlueprintorSchemaBlueprint, make sure to add a new required parameterpermission_model. This is how you can get default permission model, which is close to settings in previous SnowDDL versions:bp.permission_model = config.get_permission_model(config.DEFAULT_PERMISSION_MODEL)FutureGrantobject was changed. Now it accepts 4 parameters instead of 3 in the past. Parameteronwas renamed toon_future, and new parameterin_parentwas added, which takesDATABASEorSCHEMAobject type:class FutureGrant(BaseModelWithConfig): privilege: str on_future: ObjectType in_parent: ObjectType -- SCHEMA or DATABASE name: Union[DatabaseIdent, SchemaIdent]
Any questions or problems?
You may create a new discussion on GitHub. Please provide as much context as possible. Sample configs and logs are very helpful as well.
Thank you!
Last updated