0.27.0 - May 2024
Last updated
Last updated
This update introduces significant changes to SnowDDL permission model.
OWNERSHIP on ALERT, DYNAMIC_TABLE, EVENT_TABLE, STAGE are now granted to corresponding schema owner role. Previously OWNERSHIP for these objects types was assigned to SnowDDL admin role.
New parameters were added for SCHEMA object type to support additional types of grants.
For schemas with ALERT and DYNAMIC_TABLE objects, use new parameter owner_warehouse_usage to specify warehouses which can be used by schema owner role.
For schemas with ALERT and STAGE object types, use existing parameter owner_integration_usage to specify names of global integrations which can be used by schema owner role.
For schemas with ALERT object type, add value - EXECUTE ALERT to new parameter owner_account_grants to allow execution of alerts in schema.
For schemas with TASK object type, add value - EXECUTE TASK to new parameter owner_account_grants to allow execution of task in schema.
For schemas with ALERT, DYNAMIC_TABLE, PROCEDURE accessing data in other schemas, make sure to use existing parameter owner_schema_read to specify these schemas.
If you use , which creates DatabaseBlueprint or SchemaBlueprint, make sure to add a new required parameter permission_model. This is how you can get default permission model, which is close to settings in previous SnowDDL versions:
FutureGrant object was changed. Now it accepts 4 parameters instead of 3 in the past. Parameter on was renamed to on_future, and new parameter in_parent was added, which takes DATABASE or SCHEMA object type:
Thank you!
You may create a . Please provide as much context as possible. Sample configs and logs are very helpful as well.