Role
You can provide configuration to Snowflake Object Lifecycle Engine for the following operations with roles:
- Manage the lifecycle of new and existing roles
- Manage the lifecycle of cloned roles
- Manage grants of roles
Usage
Note: We have introduced SOLE for Data Products as a new framework for SOLE to help you easily build an ecosystem of data products. Learn more about SOLE for Data Products, which is currently available as a private preview.
Role in Current Configuration:

```yaml
roles:
  <role-name>:
    <configuration-key>: <value>
    roles:
      - <role-name>
      - <role-name>
    users:
      - <user-name>
      - <user-name>
```

Role in SOLE for Data Products:

```yaml
- role:
    name: <role-name>
    <configuration-key>: <value>
    roles:
      - rel(role.<role-name>)
      - rel(role.<role-name>)
    users:
      - rel(user.<user-name>)
      - rel(user.<user-name>)
```
Supported parameters
The engine supports the parameters listed below.
Configuration Key | Required/Optional | Data Types and Values | Description |
---|---|---|---|
comment | Optional | String | Specifies a comment for the role |
deleted | Optional | Boolean: True enables deletion prevention, False does nothing | Specifies what objects are allowed to be deleted |
environment | Optional | String | Specifies the environment in which the role is managed. Regex can be provided as well. |
manage_mode | Optional | String: all (default), none, grants | Configures what properties to manage for the role. See Changing Manage Mode before changing the value. |
namespacing | Optional | String: both (default), prefix, suffix, none | Specifies whether a prefix, a suffix, or both are added to the role name. Doesn't apply to the default database. |
roles or granted_to_roles | Optional | List | List of roles to which the current role is granted. Caution: You cannot use both configuration keys roles and granted_to_roles simultaneously in a role configuration. |
users or granted_to_users | Optional | List | List of users to which the current role is granted. Caution: You cannot use both configuration keys users and granted_to_users at the same time in a role configuration. |
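
A pre-merge check for the constraints in the table above, as an added example that is not part of SOLE or its documentation: it lints role configuration in either layout for unsupported keys, invalid `manage_mode` and `namespacing` values, and the mutually exclusive grant keys. The function names and sample data are constructed, and the input is assumed to be the structure a YAML loader returns for the configuration file.

```python
# Added example (not SOLE code): lint role configuration against the parameter table.
# Input is assumed to be what a YAML loader returns; all sample data is constructed.
ALLOWED_KEYS = {"comment", "deleted", "environment", "manage_mode", "namespacing",
                "roles", "granted_to_roles", "users", "granted_to_users"}
ENUMS = {"manage_mode": ("all", "none", "grants"),
         "namespacing": ("both", "prefix", "suffix", "none")}
EXCLUSIVE = [("roles", "granted_to_roles"), ("users", "granted_to_users")]
LIST_KEYS = {key for pair in EXCLUSIVE for key in pair}

def iter_roles(config):
    """Yield (name, params) from either layout shown on the page."""
    if isinstance(config, dict):            # roles: {<role-name>: {...}}
        for name, params in (config.get("roles") or {}).items():
            yield name, params or {}
    else:                                   # - role: {name: <role-name>, ...}
        for item in config:
            if "role" in item:
                body = dict(item["role"] or {})
                yield body.pop("name", "<unnamed>"), body

def lint_roles(config):
    """Return sorted 'ROLE: problem' strings; an empty list means clean."""
    problems = []
    for name, params in iter_roles(config):
        for key in sorted(set(params) - ALLOWED_KEYS):
            problems.append(f"{name}: unsupported key '{key}'")
        for a, b in EXCLUSIVE:
            if a in params and b in params:
                problems.append(f"{name}: '{a}' and '{b}' cannot be used together")
        for key, allowed in ENUMS.items():
            if key in params and params[key] not in allowed:
                problems.append(f"{name}: {key}={params[key]!r} not in {sorted(allowed)}")
        for key in LIST_KEYS & set(params):
            if not isinstance(params[key], list):
                problems.append(f"{name}: '{key}' must be a list")
        if not isinstance(params.get("deleted", False), bool):
            problems.append(f"{name}: 'deleted' must be a boolean")
    return sorted(problems)

CURRENT_LAYOUT = {"roles": {   # constructed: two violations on MODELLING_ROLE
    "MODELLING_ROLE": {"roles": ["INGESTION_ROLE"], "granted_to_roles": ["ACCOUNTADMIN"],
                       "manage_mode": "grant"},
    "DEV_ROLE": {"comment": "Role for Ingestion Developers"}}}
DATA_PRODUCTS_LAYOUT = [{"role": {   # constructed: scalar where a list is required
    "name": "MODELLING_ROLE", "users": "rel(user.DATAOPS_ADMIN)", "namespacing": "prefix"}}]

if __name__ == "__main__":
    for problem in lint_roles(CURRENT_LAYOUT) + lint_roles(DATA_PRODUCTS_LAYOUT):
        print(problem)
```

Running a check like this in CI keeps a mistyped `manage_mode` or a duplicated grant key from reaching the engine, where role grants are actually applied.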
Examples
Role creation
Role in Current Configuration:

```yaml
roles:
  DEV_ROLE:
    comment: "Role for Ingestion Developers"
```

Role in SOLE for Data Products:

```yaml
- role:
    name: DEV_ROLE
    comment: "Role for Ingestion Developers"
```
Role with grants to roles and users
Role in Current Configuration:

```yaml
roles:
  MODELLING_ROLE:
    comment: "Role for Ingestion Developers"
    roles:
      - INGESTION_ROLE
      - ACCOUNTADMIN
    users:
      - DATAOPS_ADMIN
      - INGESTION_USER
```

Role in SOLE for Data Products:

```yaml
- role:
    name: MODELLING_ROLE
    comment: "Role for Ingestion Developers"
    roles:
      - rel(role.INGESTION_ROLE)
      - ACCOUNTADMIN
    users:
      - rel(user.DATAOPS_ADMIN)
      - rel(user.INGESTION_USER)
```