grants
Creates, updates, deletes, gets or lists a grants resource.
Overview
| Name | grants |
| Type | Resource |
| Id | snowflake.role.grants |
Fields
| Name | Datatype | Description |
|---|---|---|
containing_scope | object | |
created_on | string | Date and time when the grant was created |
grant_option | boolean | If true, allows the recipient role to grant the privileges to other roles. |
granted_by | string | The role that granted this privilege to this grantee |
privileges | array | List of privileges to be granted. |
securable | object | |
securable_type | string | Type of the securable to be granted. |
Methods
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list_grants | SELECT | name, endpoint | showLimit | List all grants to the role |
grant_privileges | INSERT | name, data__securable_type, endpoint | - | Grant privileges to the role |
revoke_grants | DELETE | name, data__securable_type, endpoint | mode | Revoke grants from the role |
Optional Parameter Details
| Name | Description | Type | Default |
|---|---|---|---|
mode | Query parameter determines whether the revoke operation succeeds or fails for the privileges, based on the whether the privileges had been re-granted to another role. - restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails. - cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege. | string | - |
showLimit | Query parameter to limit the maximum number of rows returned by a command. | integer | - |
SELECT examples
List all grants to the role
SELECT
containing_scope,
created_on,
grant_option,
granted_by,
privileges,
securable,
securable_type
FROM snowflake.role.grants
WHERE name = '{{ name }}'
AND endpoint = '{{ endpoint }}';
INSERT example
Use the following StackQL query and manifest file to create a new grants resource.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO snowflake.role.grants (
data__securable,
data__containing_scope,
data__securable_type,
data__grant_option,
data__privileges,
name,
endpoint
)
SELECT
'{{ securable }}',
'{{ containing_scope }}',
'{{ securable_type }}',
'{{ grant_option }}',
'{{ privileges }}',
'{{ name }}',
'{{ endpoint }}'
;
/*+ create */
INSERT INTO snowflake.role.grants (
data__securable_type,
name,
endpoint
)
SELECT
'{{ securable_type }}',
'{{ name }}',
'{{ endpoint }}'
;
- name: grants
props:
- name: name
value: string
- name: data__securable_type
value: string
- name: endpoint
value: string
- name: securable
props:
- name: database
value: string
- name: schema
value: string
- name: service
value: string
- name: name
value: string
- name: containing_scope
props:
- name: database
value: string
- name: schema
value: string
- name: securable_type
value: string
- name: grant_option
value: boolean
- name: privileges
value: array
DELETE example
Deletes the specified grants resource.
/*+ delete */
DELETE FROM snowflake.role.grants
WHERE name = '{{ name }}'
AND data__securable_type = '{{ data__securable_type }}'
AND endpoint = '{{ endpoint }}';