grants
Creates, updates, deletes, gets or lists a grants resource.
Overview
| Name | grants |
| Type | Resource |
| Id | snowflake.role.grants |
Fields
The following fields are returned by SELECT queries:
- list_grants
successful
| Name | Datatype | Description |
|---|---|---|
containing_scope | object | |
created_on | string (date-time) | Date and time when the grant was created |
grant_option | boolean | If true, allows the recipient role to grant the privileges to other roles. |
granted_by | string | The role that granted this privilege to this grantee |
privileges | array | List of privileges to be granted. |
securable | object | |
securable_type | string | Type of the securable to be granted. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list_grants | select | name, endpoint | showLimit | List all grants to the role |
grant_privileges | insert | name, endpoint | Grant privileges to the role | |
revoke_grants | delete | name, endpoint | mode | Revoke grants from the role |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
endpoint | string | Organization and Account Name (default: orgid-acctid) |
name | string | Identifier (i.e. name) for the resource. |
mode | string | Query parameter determines whether the revoke operation succeeds or fails for the privileges, based on the whether the privileges had been re-granted to another role. - restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails. - cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege. |
showLimit | integer | Query parameter to limit the maximum number of rows returned by a command. |
SELECT examples
- list_grants
List all grants to the role
SELECT
containing_scope,
created_on,
grant_option,
granted_by,
privileges,
securable,
securable_type
FROM snowflake.role.grants
WHERE name = '{{ name }}' -- required
AND endpoint = '{{ endpoint }}' -- required
AND showLimit = '{{ showLimit }}';
INSERT examples
- grant_privileges
- Manifest
Grant privileges to the role
INSERT INTO snowflake.role.grants (
data__securable,
data__containing_scope,
data__securable_type,
data__grant_option,
data__privileges,
name,
endpoint
)
SELECT
'{{ securable }}',
'{{ containing_scope }}',
'{{ securable_type }}' --required,
{{ grant_option }},
'{{ privileges }}',
'{{ name }}',
'{{ endpoint }}'
;
# Description fields are for documentation purposes
- name: grants
props:
- name: name
value: string
description: Required parameter for the grants resource.
- name: endpoint
value: string
description: Required parameter for the grants resource.
- name: securable
value: object
- name: containing_scope
value: object
- name: securable_type
value: string
description: >
Type of the securable to be granted.
- name: grant_option
value: boolean
description: >
If true, allows the recipient role to grant the privileges to other roles.
- name: privileges
value: array
description: >
List of privileges to be granted.
DELETE examples
- revoke_grants
Revoke grants from the role
DELETE FROM snowflake.role.grants
WHERE name = '{{ name }}' --required
AND endpoint = '{{ endpoint }}' --required
AND mode = '{{ mode }}';