Account
You can provide configuration to the Snowflake Object Lifecycle Engine (SOLE) for the following operation on the account:
- Manage grants of the current account
Usage
Note: We have introduced SOLE for Data Products as a new framework for SOLE to help you easily build an ecosystem of data products. Learn more about SOLE for Data Products, which is currently available as a private preview.
Account in Current Configuration:

```yaml
account:
  <configuration-key>: <value>
  grants:
    <privilege>:
      - <role-name>
      - <role-name>
```

Account in SOLE for Data Products:

```yaml
- account:
    <configuration-key>: <value>
    grants:
      <privilege>:
        - rel(role.<role-name>)
        - rel(role.<role-name>)
```
Supported parameters
The engine supports the parameters listed below.
Configuration Key | Required/Optional | Data Type and Values | Description |
---|---|---|---|
environment | Optional | String | Specifies the environment in which the account is managed. A regex can be provided as well. |
deleted | Optional | Boolean: True enables deletion prevention, False does nothing | Specifies what objects are allowed to be deleted |
grants | Optional | Map: See Supported Account Grants to Roles | Lists the Privileges and Roles to which privileges are granted on the current account |
manage_mode | Optional | String: grants (default), all, none | Configures what properties to manage for the account |
network_policy | Optional | String: SOLE managed and preexisting non-managed network_policy names | Attaches a network policy to the current account |
Supported account grants to roles
You can grant the following privileges to roles in the account definition:
- ALL PRIVILEGES
- APPLY MASKING POLICY
- CREATE DATABASE
- CREATE INTEGRATION
- CREATE ROLE
- CREATE USER
- CREATE WAREHOUSE
- CREATE SHARE
- EXECUTE TASK
- IMPORT SHARE
- MANAGE GRANTS
- MONITOR EXECUTION
- MONITOR USAGE
Examples
Account in Current Configuration:

dataops/snowflake/account.yml

```yaml
account:
  network_policy: <network-policy-name>
  manage_mode: all
  grants:
    create role:
      - SYSADMIN
    create user:
      - ACCOUNTADMIN
```

Account in SOLE for Data Products:

dataops/snowflake/account.yml

```yaml
- account:
    network_policy: <network-policy-name>
    manage_mode: all
    grants:
      create role:
        - SYSADMIN
      create user:
        - ACCOUNTADMIN
```
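
A pre-merge review check for the account definition, added here as an example (it is not part of SOLE or its documentation). It takes the structure a YAML loader would return for `account.yml` in either format shown above, validates `manage_mode` and the privilege names against the lists on this page, and reports sensitive privileges granted to roles outside an admin set. The `SENSITIVE` and `ADMIN_ROLES` sets and all function names are assumptions chosen for illustration.

```python
import re

# Privileges and manage_mode values exactly as listed on this page.
SUPPORTED = {
    "ALL PRIVILEGES", "APPLY MASKING POLICY", "CREATE DATABASE",
    "CREATE INTEGRATION", "CREATE ROLE", "CREATE USER", "CREATE WAREHOUSE",
    "CREATE SHARE", "EXECUTE TASK", "IMPORT SHARE", "MANAGE GRANTS",
    "MONITOR EXECUTION", "MONITOR USAGE",
}
MANAGE_MODES = {"grants", "all", "none"}
# Assumption: privileges a reviewer wants restricted to admin roles.
SENSITIVE = {"ALL PRIVILEGES", "MANAGE GRANTS", "CREATE USER", "CREATE ROLE"}
# Assumption: Snowflake system-defined administrative roles count as admin.
ADMIN_ROLES = {"ACCOUNTADMIN", "SECURITYADMIN", "USERADMIN", "SYSADMIN"}
REL = re.compile(r"^rel\(role\.(.+)\)$")


def role_name(entry):
    """Return the role from either `ROLE` or `rel(role.ROLE)`."""
    m = REL.match(str(entry).strip())
    return (m.group(1) if m else str(entry)).strip().upper()


def review_account(doc):
    """Return a sorted list of findings for a parsed account definition."""
    # SOLE for Data Products wraps the definition in a one-item list.
    if isinstance(doc, list):
        doc = doc[0]
    account = doc.get("account") or {}
    findings = []
    mode = account.get("manage_mode", "grants")  # grants is the default
    if mode not in MANAGE_MODES:
        findings.append(f"manage_mode: unknown value {mode!r}")
    for privilege, roles in (account.get("grants") or {}).items():
        # Privileges may be written in lower case, as in the examples.
        priv = " ".join(str(privilege).upper().split())
        if priv not in SUPPORTED:
            findings.append(f"{priv}: not a supported account privilege")
            continue
        for role in map(role_name, roles or []):
            if priv in SENSITIVE and role not in ADMIN_ROLES:
                findings.append(f"{priv}: granted to non-admin role {role}")
    return sorted(findings)
```

An empty list means the definition passed; in CI, fail the job when the list is non-empty.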