# 0.27.0 - May 2024

This update introduces significant changes to SnowDDL permission model.

## Potentially breaking changes

* `OWNERSHIP` on `ALERT`, `DYNAMIC_TABLE`, `EVENT_TABLE`, `STAGE` are now granted to corresponding schema owner role. Previously `OWNERSHIP` for these objects types was assigned to SnowDDL admin role.
* New parameters were added for `SCHEMA` object type to support additional types of grants.

## Config migration guide

* For schemas with `ALERT` and `DYNAMIC_TABLE` objects, use new parameter `owner_warehouse_usage` to specify warehouses which can be used by schema owner role.
* For schemas with `ALERT` and `STAGE` object types, use existing parameter `owner_integration_usage` to specify names of global integrations which can be used by schema owner role.
* For schemas with `ALERT` object type, add value `- EXECUTE ALERT` to new parameter `owner_account_grants` to allow execution of alerts in schema.
* For schemas with `TASK` object type, add value `- EXECUTE TASK` to new parameter `owner_account_grants` to allow execution of task in schema.
* For schemas with `ALERT`, `DYNAMIC_TABLE`, `PROCEDURE` accessing data in other schemas, make sure to use existing parameter `owner_schema_read` to specify these schemas.

## Code migration guide

* If you use [programmatic config](https://docs.snowddl.com/advanced/programmatic-config), which creates `DatabaseBlueprint` or `SchemaBlueprint`, make sure to add a new required parameter `permission_model`. This is how you can get default permission model, which is close to settings in previous SnowDDL versions: <br>

  ```python
  bp.permission_model = config.get_permission_model(config.DEFAULT_PERMISSION_MODEL)
  ```
* `FutureGrant` object was changed. Now it accepts 4 parameters instead of 3 in the past. Parameter `on` was renamed to `on_future`, and new parameter `in_parent` was added, which takes `DATABASE` or `SCHEMA` object type:<br>

  ```
  class FutureGrant(BaseModelWithConfig):
      privilege: str
      on_future: ObjectType    
      in_parent: ObjectType      -- SCHEMA or DATABASE
      name: Union[DatabaseIdent, SchemaIdent]
  ```

## Any questions or problems?

You may create a [new discussion on GitHub](https://github.com/littleK0i/SnowDDL/discussions). Please provide as much context as possible. Sample configs and logs are very helpful as well.

Thank you!