grants
Creates, updates, deletes, gets or lists a grants resource.
Overview
| Name | grants |
| Type | Resource |
| Id | snowflake.user.grants |
Fields
| Name | Datatype | Description |
|---|---|---|
containing_scope | object | |
created_on | string | Date and time when the grant was created |
granted_by | string | The role that granted this privilege to this grantee |
privileges | array | List of privileges to be granted. |
securable | object | |
securable_type | string | Type of the securable to be granted. Only ROLE is supported |
Methods
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list_grants | SELECT | name, endpoint | showLimit | List all grants to the user |
grant | INSERT | name, data__securable_type, endpoint | - | Grant a role to the user |
revoke_grants | DELETE | name, data__securable_type, endpoint | - | Revoke grants from the user |
Optional Parameter Details
| Name | Description | Type | Default |
|---|---|---|---|
showLimit | Query parameter to limit the maximum number of rows returned by a command. | integer | - |
SELECT examples
List all grants to the user
SELECT
containing_scope,
created_on,
granted_by,
privileges,
securable,
securable_type
FROM snowflake.user.grants
WHERE name = '{{ name }}'
AND endpoint = '{{ endpoint }}';
INSERT example
Use the following StackQL query and manifest file to create a new grants resource.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO snowflake.user.grants (
data__securable,
data__containing_scope,
data__securable_type,
data__privileges,
name,
endpoint
)
SELECT
'{{ securable }}',
'{{ containing_scope }}',
'{{ securable_type }}',
'{{ privileges }}',
'{{ name }}',
'{{ endpoint }}'
;
/*+ create */
INSERT INTO snowflake.user.grants (
data__securable_type,
name,
endpoint
)
SELECT
'{{ securable_type }}',
'{{ name }}',
'{{ endpoint }}'
;
# Description fields below are for documentation purposes only and are not required in the manifest
- name: grants
props:
- name: name
value: string
- name: data__securable_type
value: string
- name: endpoint
value: string
- name: securable
value:
- name: database
value: string
description: Database name of the securable if applicable.
- name: schema
value: string
description: Schema name of the securable if applicable.
- name: name
value: string
description: Name of the securable if applicable.
- name: containing_scope
value:
- name: database
value: string
description: Database name of the securable scope if applicable.
- name: schema
value: string
description: Schema name of the securable scope if applicable.
- name: securable_type
value: string
description: Type of the securable to be granted. Only ROLE is supported
- name: privileges
value: array
description: List of privileges to be granted.
DELETE example
Deletes the specified grants resource.
/*+ delete */
DELETE FROM snowflake.user.grants
WHERE name = '{{ name }}'
AND data__securable_type = '{{ data__securable_type }}'
AND endpoint = '{{ endpoint }}';