Role
Configuration can be provided to Snowflake Object Lifecycle Engine for the following operation with roles:
- Manage Lifecycle of new and existing Role
- Manage Lifecycle of cloned Role
- Manage Grants of Role
Supported Parameters
The engine supports the parameters listed below.
- COMMENT: Specifies a comment for the role.
- Configuration key:
comment - Data Type: String
- Configuration key:
- NAMESPACING: Specify whether Prefix or Suffix or both are to be added to Role Name[Doesn't apply to Default Database].
- Configuration key:
namespacing - Data Type: String
- Possible Values:
noneprefixsuffixboth(Default)
- Configuration key:
- ENVIRONMENT: Specify the environment in which the Role is managed. Regex can be provided as well.
- Configuration key:
environment - Data Type: String
- Configuration key:
- MANAGE_MODE: Configures what properties to manage for the Role.
- Configuration key:
manage_mode - Data Type: String
- Possible Values:
nonegrantsall(Default)
- Configuration key:
- ROLES: List of roles to which current roles are granted to.
- Configuration key:
rolesorgranted_to_roles - Data Type: Listcaution
One cannot use both configuration keys
rolesandgranted_to_rolesat the same time in a role configuration
- Configuration key:
- USERS: List of users to which current roles are granted to.
- Configuration key:
usersorgranted_to_users - Data Type: Listcaution
One cannot use both configuration keys
usersandgranted_to_usersat the same time in a role configuration
- Configuration key:
Basic syntax
roles:
<role-name>:
comment: "COMMENT"
roles:
- <role-name>
- <role-name>
users:
- <user-name>
- <user-name>
Examples
Role creation
roles:
DEV_ROLE:
comment: "Role for Ingestion Developers"
Role with Grants to Roles and Users
roles:
MODELLING_ROLE:
comment: "Role for Ingestion Developers"
roles:
- INGESTION_ROLE
- ACCOUNTADMIN
users:
- DATAOPS_ADMIN
- INGESTION_USER