grants
Creates, updates, deletes, gets or lists a grants resource.
Overview
| Name | grants |
| Type | Resource |
| Id | snowflake.user.grants |
Fields
The following fields are returned by SELECT queries:
- list_grants
successful
| Name | Datatype | Description |
|---|---|---|
containing_scope | object | |
created_on | string (date-time) | Date and time when the grant was created |
granted_by | string | The role that granted this privilege to this grantee |
privileges | array | List of privileges to be granted. |
securable | object | |
securable_type | string | Type of the securable to be granted. Only ROLE is supported |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list_grants | select | name, endpoint | showLimit | List all grants to the user |
grant | insert | name, endpoint | Grant a role to the user | |
revoke_grants | delete | name, endpoint | Revoke grants from the user |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
endpoint | string | Organization and Account Name (default: orgid-acctid) |
name | string | Identifier (i.e. name) for the resource. |
showLimit | integer | Query parameter to limit the maximum number of rows returned by a command. |
SELECT examples
- list_grants
List all grants to the user
SELECT
containing_scope,
created_on,
granted_by,
privileges,
securable,
securable_type
FROM snowflake.user.grants
WHERE name = '{{ name }}' -- required
AND endpoint = '{{ endpoint }}' -- required
AND showLimit = '{{ showLimit }}';
INSERT examples
- grant
- Manifest
Grant a role to the user
INSERT INTO snowflake.user.grants (
data__securable,
data__containing_scope,
data__securable_type,
data__privileges,
name,
endpoint
)
SELECT
'{{ securable }}',
'{{ containing_scope }}',
'{{ securable_type }}' --required,
'{{ privileges }}',
'{{ name }}',
'{{ endpoint }}'
;
# Description fields are for documentation purposes
- name: grants
props:
- name: name
value: string
description: Required parameter for the grants resource.
- name: endpoint
value: string
description: Required parameter for the grants resource.
- name: securable
value: object
- name: containing_scope
value: object
- name: securable_type
value: string
description: >
Type of the securable to be granted. Only ROLE is supported
- name: privileges
value: array
description: >
List of privileges to be granted.
DELETE examples
- revoke_grants
Revoke grants from the user
DELETE FROM snowflake.user.grants
WHERE name = '{{ name }}' --required
AND endpoint = '{{ endpoint }}' --required;