CODEWITHSUNDEEP
snowflake-cloud-data-platform
Eric Mamet
Eric Mamet

Reputation: 3641

how can I grant usage on all Snowflake databases (inlcuding future) to a role?

I would like to create a role that would have permissions to clone any database, present and future.

Something like 

GRANT CREATE DATABASE ON ACCOUNT TO ROLE CLONE_ADMIN;

Followed by 

GRANT USAGE ON FUTURE DATABASES TO ROLE CLONE_ADMIN;

Is it possible?

Upvotes: 0

Views: 1309

Answers (2)

Seeling Cheung
Seeling Cheung

Reputation: 157

The feature of future grant at database level is in the roadmap. It is currently in private preview with selected customers to gather feedback from early users. Stay tune from update from Snowflake when this feature will become accessible to wider audience.

Upvotes: 3

Abhi Reddy
Abhi Reddy

Reputation: 495

Future grants can only be applied to schema objects.

From the documentation"When a database is cloned, the schemas in the cloned database copy the future privileges from the source schemas. This maintains consistency with the regular object grants, in which the grants of the source object (i.e. database) are not copied to the clone, but the grants on all the children objects (i.e. schemas in the database) are copied to the clones."

Future grants cannot be applied to databases.

  1. USE ROLE ACCOUNTADMIN;
  2. USE DATABASE ANALYTICS;
  3. CREATE OR REPLACE ROLE DATA;
  4. GRANT USAGE ON DATABASE ANALYTICS TO DATA;
  5. GRANT CREATE DATABASE ON ACCOUNT TO ROLE DATA;
  6. GRANT ROLE DATA TO USER NEW_USER1;
  7. USE ROLE DATA;
  8. CREATE DATABASE Z_NEW_USER1_TEST CLONE ANALYTICS;

Upvotes: 3

Related Questions