CODEWITHSUNDEEP
snowflake-cloud-data-platformprivilegesownership
Eyal Rosenfeld
Eyal Rosenfeld

Reputation: 13

Grant Ownership to a USER

We want to replace our Ownership to SECURITYADMIN from one user to another

  1. Is it possible to transfer privileges between users or clone user privileges?
  2. How do we add Privileges and take Ownership on it?

Upvotes: 1

Views: 1522

Answers (2)

Gokhan Atil
Gokhan Atil

Reputation: 10039

First of all, Snowflake applies "Role-based Access Control (RBAC)". Therefore you should not consider granting privileges directly to users. It's not possible. All privileges are assigned to roles, and those roles are assigned to users.

You mentioned SECURITYADMIN. It is a pre-defined role that is not owned by any other role. Why do you want to change the ownership of it? If you want to assign SECURITYADMIN from one user to another, you just need to run these commands:

USE ROLE ACCOUNTADMIN;
GRANT ROLE SECURITYADMIN TO USER NEW_USER;
REVOKE ROLE SECURITYADMIN FROM USER OLD_USER;
  1. Is it possible to transfer privileges between users or clone user privileges?

As you will assign privileges to roles, you can just grant the role to another user, so they will have the same privileges.

  1. How do we add Privileges and take Ownership on it?

You can use GRANT command to add privileges:

https://docs.snowflake.com/en/sql-reference/sql/grant-privilege.html

You can use GRANT OWNERSHIP to transfer the ownership:

https://docs.snowflake.com/en/sql-reference/sql/grant-ownership.html

Upvotes: 1

Srinath Menon
Srinath Menon

Reputation: 1642

  1. Grant Ownership command is an option to achieve this requirement: https://docs.snowflake.com/en/sql-reference/sql/grant-ownership.html#:~:text=Transfers%20ownership%20of%20an%20object,see%20Access%20Control%20in%20Snowflake.

  2. To add privileges, use the "Grant" command on the specific objects and assign to specific roles. https://docs.snowflake.com/en/sql-reference/sql/grant-privilege.html

Upvotes: 0

Related Questions