Inbound shares

Currently inbound shares are not managed by SnowDDL and should be created manually by ACCOUNTADMIN. Setting up inbound shares normally requires some additional steps performed outside of Snowflake. Also, only one DATABASE can be created for each inbound share, which limits env prefix functionality.

Creation of inbound shares and databases are explained in Snowflake documentation.

Configure outbound share to target your account. Make sure it is available using SHOW SHARES command.
Run CREATE DATABASE <db_name> FROM SHARE <share_name>.

Once the initial configuration is done, you may grant access to objects in share to business roles using share_read parameter:

Use share name to grant access to all objects using IMPORTED PRIVILEGES;
Use database role name in share to grant access to this database role only;

For example:

share_read:
  - snowflake                 # this grants access to an entire SNOWFLAKE share
  - snowflake.object_viewer   # this grants access to OBJECT_VIEWER database role only

PreviousIntegrations NextObject OWNERSHIP

Last updated 1 year ago