Airbyte

Since SnowDDL v0.27, it is possible to natively configure database, user and permissions for Airbyte.

How to configure Airbyte with SnowDDL?

1) Create custom permission model

Configuration guide for

airbyte:
  ruleset: DATABASE_OWNER

  owner_create_grants:
    - STAGE
    - TABLE
    - VIEW

  owner_future_grants:
    STAGE: [OWNERSHIP]
    TABLE: [OWNERSHIP]
    VIEW: [OWNERSHIP]

  read_future_grants:
    STAGE: [READ]
    TABLE: [SELECT, REFERENCES]
    VIEW: [SELECT, REFERENCES]

2) Create database

is_sandbox: true
permission_model: airbyte

3) Create business role

airbyte_owner:
  database_owner:
    - airbyte_db

4) Create user

ext_airbyte:
  rsa_public_key: ...
  business_roles:
    - airbyte_owner

5) Finish configuration in Airbyte GUI

It is highly recommended to change name of schema airbyte_internal to UPPER-case, e.g. AIRBYTE_INTERNAL. Lower-cased identifiers are not supported by SnowDDL, so you won't be able to set granular access on schema with lower-cased name.

How to grant access to objects created by Airbyte?

For example:

airbyte_reader:
  database_read:
    - airbyte_db

If you want to provide granular on per-schema basis, it requires a bit more work.

1. Explicitly configure schema(s) in Airbyte database by creating corresponding sub-directories with params.yaml files inside.

For example:

airbyte_specific_reader:
  schema_read:
    - airbyte_db.braintree
    - airbyte_db.paypal

SnowDDL can only create "schema roles" for schemas which are explicitly defined in config.