User
You can provide configuration to Snowflake Object Lifecycle Engine for the following operations with user:
- Manage the lifecycle of new and existing users
- Manage the grants of a user
Usage
We have introduced SOLE for Data Products as a new framework for SOLE to help you easily build an ecosystem of data products. The major difference is in how you define Snowflake objects in the configuration file.
Rather than having a grouped collection of objects, SOLE for Data Products goes for modular, self-describing, and explicit object definition.
Learn more about SOLE for Data Products, currently available as a public preview.
We have also introduced Data products as an extra layer on top of the data product platform capabilities making managing data products easier than ever. Learn more about Data Products, currently available as a private preview.
- Default Configuration
- Data Products Configuration
users:
<user-name>:
<configuration-key>: <value>
- user:
name: <user-name>
<configuration-key>: <value>
Supported parameters
The engine supports the parameters listed below.
| Configuration Key | Required/Optional | Data Types and Values | Description |
|---|---|---|---|
comment | Optional | String | Specifies a comment for the user |
deleted | Optional | Boolean: True enables deletion prevention, False does nothing | Specifies what objects are allowed to be deleted |
disabled | Optional | Boolean | Specifies whether the user is disabled |
default_namespace | Optional | String/Object: See here for a definition of default_namespace | Specifies the namespace, database only or database and schema, that is active by default for the user's session upon login |
default_role | Optional | String | Specifies the role that is active by default for the user's session upon login |
default_warehouse | Optional | String | Specifies the virtual warehouse that is active by default for the user's session upon login |
display_name | Optional | String | Name displayed for the user in the Snowflake web interface |
email | Optional | String | Email address for the user |
environment | Optional | String | Specifies the environment in which the user is managed. Regex can be provided as well. |
first_name | Optional | String | First name of the user |
last_name | Optional | String | Last name of the user |
login_name | Optional | String | Name that the user enters to log into the system. Login names for users must be unique across your entire account. |
manage_mode | Optional | String: all (default), none | Configures what properties to manage for the user. See Changing Manage Mode before changing the value. |
must_change_password | Optional | Boolean | Specifies whether the user is forced to change their password on the next login (including their first/initial login) into the system |
namespacing | Optional | String: both (default), none, prefix, suffix | Specifies whether prefix or suffix or both are to be added to user name |
network_policy | Optional | String: SOLE managed and preexisting non-managed network_policy names | Attaches a network policy to the user |
password | Optional | String | The password for the user must be enclosed in single or double quotes. If no password is specified, the user cannot log into Snowflake until a password has been explicitly specified for them. |
rsa_public_key | Optional | String | Specifies the user's RSA public key, used for key pair authentication |
rsa_public_key_2 | Optional | String | Specifies the user's second RSA public key, used to rotate the public and private keys for key pair authentication based on an expiration schedule set by your organization |
default_namespace parameter
You can specify the name of default_namespace if it belongs to the same schema and database as the user or the name of the schema and database.
This parameter supports the following parameters if explicitly provided:
| Configuration Key | Required/Optional | Data Types and Values | Description |
|---|---|---|---|
database | Optional | String | Name of the database |
schema | Optional | String | Name of the schema |
Examples
default_namespace:
database: "<database-name>"
schema_name: "<schema-name>"
Examples
- Default Configuration
- Data Products Configuration
users:
SAM:
comment: "management"
login_name: "user_login"
password: "user_login"
disabled: false
display_name: "manager"
email: "user@example.com"
first_name: "user"
last_name: "login"
must_change_password: true
default_namespace:
database: "<database-name>"
schema_name: "<schema-name>"
default_warehouse: "<warehouse-name>"
default_role: "role"
rsa_public_key: "..."
rsa_public_key_2: "..."
network_policy: "<network-policy-name>"
- user:
name: SAM
comment: "management"
login_name: "user_login"
password: "user_login"
disabled: false
display_name: "manager"
email: "user@example.com"
first_name: "user"
last_name: "login"
must_change_password: true
default_namespace:
schema_name: rel(schema.<schema-name>)
default_warehouse: rel(warehouse.<warehouse-name>)
default_role: "role"
rsa_public_key: "..."
rsa_public_key_2: "..."
network_policy: rel(network_policy.<network-policy-name>)