Skip to main content

privileges

Creates, updates, deletes, gets or lists a privileges resource.

Overview

Nameprivileges
TypeResource
Idsnowflake.grant.privileges

Fields

The following fields are returned by SELECT queries:

SELECT not supported for this resource, use SHOW METHODS to view available operations for the resource.

Methods

The following methods are available for this resource:

NameAccessible byRequired ParamsOptional ParamsDescription
grant_privilegeinsertgranteeType, granteeName, securableType, securableName, endpointEndpoint to indicate that the privileges listed in the request body should be granted.
grant_group_privilegeinsertgranteeType, granteeName, bulkGrantType, securableTypePlural, scopeType, scopeName, endpointEndpoint to indicate that the privileges listed in the request body should be granted to all securables of this type in the given scope.
revoke_privilegedeletegranteeType, granteeName, securableType, securableName, privilege, endpointdeleteModeEndpoint to indicate that the privilege listed in the path should be revoked.
revoke_group_privilegedeletegranteeType, granteeName, bulkGrantType, securableTypePlural, scopeType, scopeName, privilege, endpointdeleteModeEndpoint to indicate that the privilege listed on the group securable in the given scope should be revoked.

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

NameDatatypeDescription
bulkGrantTypestringString that species whether this group privilege should be on ALL or FUTURE resources of the specified plural type
endpointstringOrganization and Account Name (default: orgid-acctid)
granteeNamestringString that specifies the name of the privilege grantee.
granteeTypestringString that specifies the type of resource that is the privilege grantee.
privilegestringString that specifies a privilege to be revoked
scopeNamestringString that specifies the name of resource that is the scope of an ALL/FUTURE privilege
scopeTypestringString that specifies the type of resource that is the scope of an ALL/FUTURE privilege. Can only be DATABASE or SCHEMA
securableNamestringString that specifies the name of resource that is being secured by a privilege.
securableTypestringString that specifies the type of resource that is being secured by a privilege.
securableTypePluralstringString that specifies the plural of the type of resource that is being secured by an ALL/FUTURE privilege. Must be either "schemas" or any plural object type that can nest under a schema such as "tables"
deleteModestringIf "cascade", recursively revoke the grant from sub-grantees to which this privilege was re-granted. Acceptable values are "restrict" or "cascade".

INSERT examples

Endpoint to indicate that the privileges listed in the request body should be granted.

INSERT INTO snowflake.grant.privileges (
data__privileges,
data__grant_option,
data__created_on,
data__grantee_type,
data__grantee_name,
data__securable_type,
data__securable_name,
data__granted_by_role_type,
data__granted_by_name,
granteeType,
granteeName,
securableType,
securableName,
endpoint
)
SELECT 
'{{ privileges }}',
{{ grant_option }},
'{{ created_on }}',
'{{ grantee_type }}',
'{{ grantee_name }}',
'{{ securable_type }}',
'{{ securable_name }}',
'{{ granted_by_role_type }}',
'{{ granted_by_name }}',
'{{ granteeType }}',
'{{ granteeName }}',
'{{ securableType }}',
'{{ securableName }}',
'{{ endpoint }}'
;

DELETE examples

Endpoint to indicate that the privilege listed in the path should be revoked.

DELETE FROM snowflake.grant.privileges
WHERE granteeType = '{{ granteeType }}' --required
AND granteeName = '{{ granteeName }}' --required
AND securableType = '{{ securableType }}' --required
AND securableName = '{{ securableName }}' --required
AND privilege = '{{ privilege }}' --required
AND endpoint = '{{ endpoint }}' --required
AND deleteMode = '{{ deleteMode }}';