Skip to main content

User

Configuration can be provided to Snowflake Object Lifecycle Engine for the following operation with User:

  • Manage Lifecycle of new and existing User
  • Manage Grants of External User

Supported Parameters

The engine supports the parameters listed below.

  • LOGIN_NAME: Name that the user enters to log into the system. Login names for users must be unique across your entire account.
    • Configuration key: login_name
    • Data Type: String
  • PASSWORD: The password for the user must be enclosed in single or double quotes. If no password is specified, the user cannot log into Snowflake until a password has been explicitly specified for them.
    • Configuration key: password
    • Data Type: String
  • DISABLED: Specifies whether the user is disabled.
    • Configuration key: disabled
    • Data Type: Boolean
  • DISPLAY_NAME: Name displayed for the user in the Snowflake web interface.
    • Configuration key: display_name
    • Data Type: String
  • EMAIL: Email address for the user.
    • Configuration key: email
    • Data Type: String
  • FIRST_NAME: First name of the user.
    • Configuration key: first_name
    • Data Type: String
  • LAST_NAME: Last name of the user.
    • Configuration key: last_name
    • Data Type: String
  • MUST_CHANGE_PASSWORD: Specifies whether the user is forced to change their password on next login (including their first/initial login) into the system.
    • Configuration key: must_change_password
    • Data Type: Boolean
  • DEFAULT_WAREHOUSE: Specifies the virtual warehouse that is active by default for the user’s session upon login.
    • Configuration key: default_warehouse
    • Data Type: String
  • DEFAULT_ROLE: Specifies the role that is active by default for the user’s session upon login.
    • Configuration key: default_role
    • Data Type: String
  • DEFAULT_NAMESPACE: Specifies the namespace (database only or database and schema) that is active by default for the user’s session upon login.
    • Configuration key: default_namespace
    • Data Type: String/Object . See here for definition of default_namespace
  • RSA_PUBLIC_KEY: Specifies the user’s RSA public key; used for key pair authentication.
    • Configuration key: rsa_public_key
    • Data Type: String
  • RSA_PUBLIC_KEY_2: Specifies the user’s second RSA public key; used to rotate the public and private keys for key pair authentication based on an expiration schedule set by your organization.
    • Configuration key: rsa_public_key_2
    • Data Type: String
  • COMMENT: Specifies a comment for the user.
    • Configuration key: comment
    • Data Type: String
  • ENVIRONMENT: Specify the environment in which the user is managed. Regex can be provided as well.
    • Configuration key: environment
    • Data Type: String
  • MANAGE_MODE: Configures what properties to manage for the user.
    • Configuration key: manage_mode
    • Data Type: string
    • Possible Values:
      • none
      • all(Default)
  • NAMESPACING: Specify whether Prefix or Suffix or both are to be added to user-name.
    • Configuration key: namespacing
    • Data Type: String
    • Possible Values:
      • none
      • prefix
      • suffix
      • both(Default)
  • NETWORK_POLICY: Attaches a network policy to the User.
    • Configuration key: network_policy
    • Data Type: string
    • Possible Values: SOLE managed network_policy name as well as preexisting non-managed network_policy name

Default_Namespace

In the Default_Namespace parameter of the User, users can specify either just the name of default_namespace (if default_namespace belongs to the same schema and database as the user), or the name of schema and database.

The Default_Namespace parameter supports the following parameters if explicitly provided:

  • SCHEMA: Name of the schema
    • Configuration key: schema
    • Data Type: String
  • DATABASE: Name of the database
    • REQUIRED
    • Configuration key: database
    • Data Type: String

Examples

default_namespace:
database: "<database-name>"
schema_name: "<schema-name>"

Basic syntax

users:
<user-name>:
<configuration-key>: <value>

Examples

users:
SAM:
comment: "management"
login_name: "user_login"
password: "user_login"
disabled: false
display_name: "manager"
email: "user@example.com"
first_name: "user"
last_name: "login"
must_change_password: true
default_namespace:
database: "<database-name>"
schema_name: "<schema-name>"
default_warehouse: "<warehouse-name>"
default_role: "role"
rsa_public_key: "..."
rsa_public_key_2: "..."
network_policy: "<network-policy-name>"