In addition, to grant the WRITE privilege on an internal stage, the READ privilege mustįor more details about external and internal stages, see CREATE STAGE. READ | WRITE only applies to internal stages. The OWNERSHIP privilege on objects can only be transferred to a subordinate role of the schema owner. Instead, Snowflake recommendsĬreating a shared role and using the role to create objects that are automatically accessible to all users who have been granted the role. However, note that, in the Snowflake model, bulk granting of privileges is not a recommended practice. Only objects that currently exist within the container are affected. Into a series of individual GRANT commands on each object. This is a convenience option internally, the command is expanded Objects of the same type within the container (i.e. Note that the IMPORTED PRIVILEGES privilege cannot be granted to a database role.įor schemas and objects in schemas, an ALL object_type_plural in container option is provided to grant privileges on all For more details, see Overview of Access Control.įor databases, the IMPORTED PRIVILEGES privilege only applies to shared databases (i.e. Higher-level roles within the role hierarchy. Privileges granted to a particular role are automatically inherited by any other roles to which the role is granted, as well as any other Is returned for any privileges that could not be granted. That only privileges held and grantable by the role executing the GRANT command are actually granted to the target role. The special ALL keyword can be used to grant all applicable privileges to the specified object type. Multiple privileges can be specified for the same object type in a single GRANT statement (with each privilege separated by commas), or The GRANT OWNERSHIP command has a different Object from one role to another role, use GRANT OWNERSHIP instead. To grant the OWNERSHIP privilege on an object (or all objects of a specified type in a schema) to a role, transferring ownership of the database_role_name, the command looks for the database role in the current databaseĪll privileges are limited to the database that contains the database role, as well as other objects in the same database. If the identifier is notįully qualified in the form of db_name. the role to which the privileges are granted). Specifies the identifier for the recipient database role (i.e. Specifies the identifier for the recipient role (i.e. Note that bulk grants on pipes are not allowed. Specifies the type of object (for schema objects):ĪLERT | EVENT TABLE | EXTERNAL TABLE | FILE FORMAT | FUNCTION | MASKING POLICY | MATERIALIZED VIEW | PASSWORD POLICY | PIPE | PROCEDURE | ROW ACCESS POLICY | SECRET | SESSION POLICY | SEQUENCE | STAGE | STREAM | TABLE | TASK | VIEW object_type_plural Specifies the identifier for the object on which the privileges are granted. GRANT OWNERSHIP, GRANT … TO SHARE See also: Privileges for schema objects (tables, views, stages, file formats, UDFs, and sequences) in the database that contains the database role.įor more details about roles and securable objects, see Overview of Access Control. Privileges for schemas in the database that contains the database role. Privileges for the database that contains the database role. The privileges that can be granted to database roles are grouped into the following categories: Privileges for schema objects (tables, views, stages, file formats, UDFs, and sequences) Privileges for account objects (resource monitors, virtual warehouses, and databases) The privileges that can be granted to roles are grouped into the following categories: The privileges that can be granted are object-specific.įor information on granting privileges on securable objects to a share, see GRANT … TO SHARE. Grants one or more access privileges on a securable object to a role or database role. The remainder of this topic is generally available. Support for the MANAGE WAREHOUSES privilege is in preview and available to all Support for database roles is in preview and available to all accounts.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |