Skip to main content

Account

Configuration can be provided to Snowflake Object Lifecycle Engine for the following operation with Account:

  • Manage Grants of current Account

Supported Parameters

The engine supports the parameters listed below.

  • ENVIRONMENT: Specify the environment in which the Account is managed. Regex can be provided as well.
    • Configuration key: environment
    • Data Type: String
  • MANAGE_MODE: Configures what properties to manage for the Account.
    • Configuration key: manage_mode
    • Data Type: string
    • Possible Values:
      • none
      • grants
      • all(Default)
  • GRANTS: List of Privileges and Roles to which privileges are granted to on the current Account.
    • Configuration key: grants
    • Data Type: Map

Basic syntax

account:
<configuration-key>: <value>
grants:
<privilege>:
- <role-name>
- <role-name>

Supported Account Grants to Roles

Following is the list of Privileges Grant to Roles that can be specified in the database definition

  • ALL PRIVILEGES
  • APPLY MASKING POLICY
  • CREATE DATABASE
  • CREATE INTEGRATION
  • CREATE ROLE
  • CREATE USER
  • CREATE WAREHOUSE
  • CREATE SHARE
  • EXECUTE TASK
  • IMPORT SHARE
  • MANAGE GRANTS
  • MONITOR EXECUTION
  • MONITOR USAGE

Examples

account:
environment: PROD
grants:
create role:
- SYSADMIN
create user:
- ACCOUNTADMIN