Skip to main content

Account

Configuration can be provided to Snowflake Object Lifecycle Engine for the following operation with Account:

  • Manage Grants of current Account

Supported Parameters

The engine supports the parameters listed below.

  • ENVIRONMENT: Specify the environment in which the Account is managed. Regex can be provided as well.
    • Configuration key: environment
    • Data Type: String
  • MANAGE_MODE: Configures what properties to manage for the Account.
    • Configuration key: manage_mode
    • Data Type: string
    • Possible Values:
      • none
      • grants(Default)
      • all
  • GRANTS: List of Privileges and Roles to which privileges are granted to on the current Account.
    • Configuration key: grants
    • Data Type: Map
  • NETWORK_POLICY: Attaches a network policy to the current Account.
    • Configuration key: network_policy
    • Data Type: string
    • Possible Values: SOLE managed network_policy name as well as preexisting non-managed network_policy name

Basic syntax

account:
<configuration-key>: <value>
grants:
<privilege>:
- <role-name>
- <role-name>

Supported Account Grants to Roles

Following is the list of Privileges Grant to Roles that can be specified in the account definition

  • ALL PRIVILEGES
  • APPLY MASKING POLICY
  • CREATE DATABASE
  • CREATE INTEGRATION
  • CREATE ROLE
  • CREATE USER
  • CREATE WAREHOUSE
  • CREATE SHARE
  • EXECUTE TASK
  • IMPORT SHARE
  • MANAGE GRANTS
  • MONITOR EXECUTION
  • MONITOR USAGE

Examples

dataops/snowflake/account.yml
account:
environment: PROD
network_policy: <network-policy-name>
manage_mode: all
grants:
create role:
- SYSADMIN
create user:
- ACCOUNTADMIN