Airbyte
Since SnowDDL v0.27, it is possible to natively configure database, user and permissions for Airbyte.
How to configure Airbyte with SnowDDL?
1) Create custom permission model
Configuration guide for PERMISSION MODEL
airbyte:
ruleset: DATABASE_OWNER
owner_create_grants:
- STAGE
- TABLE
- VIEW
owner_future_grants:
STAGE: [OWNERSHIP]
TABLE: [OWNERSHIP]
VIEW: [OWNERSHIP]
read_future_grants:
STAGE: [READ]
TABLE: [SELECT, REFERENCES]
VIEW: [SELECT, REFERENCES]
2) Create database
Configuration guide for DATABASE
is_sandbox: true
permission_model: airbyte
3) Create business role
Configuration guide for BUSINESS ROLE
airbyte_owner:
database_owner:
- airbyte_db
4) Create user
ext_airbyte:
rsa_public_key: ...
business_roles:
- airbyte_owner
5) Finish configuration in Airbyte GUI
It is highly recommended to change name of schema airbyte_internal
to UPPER-case, e.g. AIRBYTE_INTERNAL
. Lower-cased identifiers are not supported by SnowDDL, so you won't be able to set granular access on schema with lower-cased name.
How to grant access to objects created by Airbyte?
You may grant read access on all objects inside Airbyte database by using database_read
parameter for BUSINESS ROLE.
For example:
airbyte_reader:
database_read:
- airbyte_db
If you want to provide granular on per-schema basis, it requires a bit more work.
Explicitly configure schema(s) in Airbyte database by creating corresponding sub-directories with
params.yaml
files inside.Use parameter
schema_read
for BUSINESS ROLE.
For example:
airbyte_specific_reader:
schema_read:
- airbyte_db.braintree
- airbyte_db.paypal
SnowDDL can only create "schema roles" for schemas which are explicitly defined in config.
Last updated