Skip to main content


You can provide configuration to Snowflake Object Lifecycle Engine for the following operations with user:

  • Manage the lifecycle of new and existing users
  • Manage the grants of a user



We have introduced SOLE for Data Products as a new framework for SOLE to help you easily build an ecosystem of data products. The major difference is in how you define Snowflake objects in the configuration file. Rather than having a grouped collection of objects, SOLE for Data Products goes for modular, self-describing, and explicit object definition.
Learn more about SOLE for Data Products, currently available as a public preview.

We have also introduced Data products as an extra layer on top of the data product platform capabilities making managing data products easier than ever. Learn more about Data Products, currently available as a private preview.

<configuration-key>: <value>

Supported parameters

The engine supports the parameters listed below.

Configuration KeyRequired/OptionalData Types and ValuesDescription
commentOptionalStringSpecifies a comment for the user
deletedOptionalBoolean: True enables deletion prevention, False does nothingSpecifies what objects are allowed to be deleted
disabledOptionalBooleanSpecifies whether the user is disabled
default_namespaceOptionalString/Object: See here for a definition of default_namespaceSpecifies the namespace, database only or database and schema, that is active by default for the user's session upon login
default_roleOptionalStringSpecifies the role that is active by default for the user's session upon login
default_warehouseOptionalStringSpecifies the virtual warehouse that is active by default for the user's session upon login
display_nameOptionalStringName displayed for the user in the Snowflake web interface
emailOptionalStringEmail address for the user
environmentOptionalStringSpecifies the environment in which the user is managed. Regex can be provided as well.
first_nameOptionalStringFirst name of the user
last_nameOptionalStringLast name of the user
login_nameOptionalStringName that the user enters to log into the system. Login names for users must be unique across your entire account.
manage_modeOptionalString: all (default), noneConfigures what properties to manage for the user.
See Changing Manage Mode before changing the value.
must_change_passwordOptionalBooleanSpecifies whether the user is forced to change their password on the next login (including their first/initial login) into the system
namespacingOptionalString: both (default), none, prefix, suffixSpecifies whether prefix or suffix or both are to be added to user name
network_policyOptionalString: SOLE managed and preexisting non-managed network_policy namesAttaches a network policy to the user
passwordOptionalStringThe password for the user must be enclosed in single or double quotes. If no password is specified, the user cannot log into Snowflake until a password has been explicitly specified for them.
rsa_public_keyOptionalStringSpecifies the user's RSA public key, used for key pair authentication
rsa_public_key_2OptionalStringSpecifies the user's second RSA public key, used to rotate the public and private keys for key pair authentication based on an expiration schedule set by your organization

default_namespace parameter

You can specify the name of default_namespace if it belongs to the same schema and database as the user or the name of the schema and database.

This parameter supports the following parameters if explicitly provided:

Configuration KeyRequired/OptionalData Types and ValuesDescription
databaseOptionalStringName of the database
schemaOptionalStringName of the schema


database: "<database-name>"
schema_name: "<schema-name>"


comment: "management"
login_name: "user_login"
password: "user_login"
disabled: false
display_name: "manager"
email: ""
first_name: "user"
last_name: "login"
must_change_password: true
database: "<database-name>"
schema_name: "<schema-name>"
default_warehouse: "<warehouse-name>"
default_role: "role"
rsa_public_key: "..."
rsa_public_key_2: "..."
network_policy: "<network-policy-name>"