Skip to main content

Role

Configuration can be provided to Snowflake Object Lifecycle Engine for the following operation with roles:

  • Manage Lifecycle of new and existing Role
  • Manage Lifecycle of cloned Role
  • Manage Grants of Role

Supported Parameters

The engine supports the parameters listed below.

  • COMMENT: Specifies a comment for the role.
    • Configuration key: comment
    • Data Type: String
  • NAMESPACING: Specify whether Prefix or Suffix or both are to be added to Role Name[Doesn't apply to Default Database].
    • Configuration key: namespacing
    • Data Type: String
    • Possible Values:
      • none
      • prefix
      • suffix
      • both(Default)
  • ENVIRONMENT: Specify the environment in which the Role is managed. Regex can be provided as well.
    • Configuration key: environment
    • Data Type: String
  • MANAGE_MODE: Configures what properties to manage for the Role.
    • Configuration key: manage_mode
    • Data Type: String
    • Possible Values:
      • none
      • grants
      • all(Default)
  • ROLES: List of roles to which current roles are granted to.
    • Configuration key: roles or granted_to_roles
    • Data Type: List
      caution

      One cannot use both configuration keys roles and granted_to_roles at the same time in a role configuration

  • USERS: List of users to which current roles are granted to.
    • Configuration key: users or granted_to_users
    • Data Type: List
      caution

      One cannot use both configuration keys users and granted_to_users at the same time in a role configuration

Basic syntax

roles:
<role-name>:
comment: "COMMENT"
roles:
- <role-name>
- <role-name>
users:
- <user-name>
- <user-name>

Examples

Role creation

roles:
DEV_ROLE:
comment: "Role for Ingestion Developers"

Role with Grants to Roles and Users

roles:
MODELLING_ROLE:
comment: "Role for Ingestion Developers"
roles:
- INGESTION_ROLE
- ACCOUNTADMIN
users:
- DATAOPS_ADMIN
- INGESTION_USER