Account

You can provide configuration to Snowflake Object Lifecycle Engine for the following operation with the account:

  • Manage grants of the current account

Usage

Note: We have introduced SOLE for Data Products as a new framework for SOLE to help you easily build an ecosystem of data products. Learn more about SOLE for Data Products, which is currently available as a private preview.

account:
  <configuration-key>: <value>
  grants:
    <privilege>:
      - <role-name>
      - <role-name>

Supported parameters

The engine supports the parameters listed below.

| Configuration Key | Required/Optional | Data Type and Values | Description |
|---|---|---|---|
| environment | Optional | String | Specifies the environment in which the account is managed. Regex can be provided as well. |
| deleted | Optional | Boolean: True enables deletion prevention, False does nothing | Specifies what objects are allowed to be deleted |
| grants | Optional | Map: See Supported Account Grants to Roles | Lists the Privileges and Roles to which privileges are granted on the current account |
| manage_mode | Optional | String: grants (default), all, none | Configures what properties to manage for the account |
| network_policy | Optional | String: SOLE managed and preexisting non-managed network_policy names | Attaches a network policy to the current account |

Supported account grants to roles

You can grant the following privileges to roles in the account definition:

  • ALL PRIVILEGES
  • APPLY MASKING POLICY
  • CREATE DATABASE
  • CREATE INTEGRATION
  • CREATE ROLE
  • CREATE USER
  • CREATE WAREHOUSE
  • CREATE SHARE
  • EXECUTE TASK
  • IMPORT SHARE
  • MANAGE GRANTS
  • MONITOR EXECUTION
  • MONITOR USAGE

Examples

dataops/snowflake/account.yml

account:
  network_policy: <network-policy-name>
  manage_mode: all
  grants:
    create role:
      - SYSADMIN
    create user:
      - ACCOUNTADMIN
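
Because the grants map decides which roles can create users and roles or manage grants account-wide, it is worth checking an account definition before it is merged. The following is an added example, not part of SOLE or of the original documentation: it parses an account.yml, flags privilege names outside the supported list above, and reports high-impact privileges granted to roles outside an allowlist. The HIGH_IMPACT set, the ADMIN_ROLES allowlist, the network-policy expectation and the sample input are assumptions constructed for illustration.

```ruby
require 'yaml'

# Privileges this page lists as supported for account grants.
SUPPORTED = [
  'ALL PRIVILEGES', 'APPLY MASKING POLICY', 'CREATE DATABASE',
  'CREATE INTEGRATION', 'CREATE ROLE', 'CREATE USER', 'CREATE WAREHOUSE',
  'CREATE SHARE', 'EXECUTE TASK', 'IMPORT SHARE', 'MANAGE GRANTS',
  'MONITOR EXECUTION', 'MONITOR USAGE'
].freeze

# Assumption (reviewer policy, not SOLE behaviour): privileges treated as
# high impact, and the Snowflake system roles allowed to hold them.
HIGH_IMPACT = ['ALL PRIVILEGES', 'CREATE ROLE', 'CREATE USER', 'MANAGE GRANTS'].freeze
ADMIN_ROLES = %w[ACCOUNTADMIN SECURITYADMIN SYSADMIN USERADMIN].freeze

# Returns a list of finding strings for the text of one account.yml.
def audit_account(yaml_text)
  doc = YAML.safe_load(yaml_text)
  account = doc.is_a?(Hash) ? doc['account'] : nil
  return ['no account block found'] unless account.is_a?(Hash)
  findings = []
  # Assumption: this reviewer expects a network policy on every account.
  findings << 'network_policy is not set' unless account['network_policy']
  grants = account['grants'] || {}
  return findings << 'grants must map privilege to role list' unless grants.is_a?(Hash)
  grants.each do |privilege, roles|
    name = privilege.to_s.strip.upcase.squeeze(' ')
    findings << "unsupported privilege: #{privilege}" unless SUPPORTED.include?(name)
    next findings << "#{name}: roles must be a list" unless roles.is_a?(Array)
    next unless HIGH_IMPACT.include?(name)
    (roles.map { |r| r.to_s.upcase } - ADMIN_ROLES).each do |role|
      findings << "#{name} granted to non-admin role #{role}"
    end
  end
  findings
end

# Constructed sample input, not taken from a real account.
SAMPLE = <<~YAML
  account:
    grants:
      create user:
        - ACCOUNTADMIN
      manage grants:
        - ANALYST
      create databse:
        - SYSADMIN
YAML
puts audit_account(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

Run against the constructed sample, it reports the missing network policy, the MANAGE GRANTS grant to ANALYST, and the misspelled privilege name.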