users

Creates, updates, deletes, gets or lists a users resource.

Overview

Name	`users`
Type	Resource
Id	`snowflake.user.users`

Fields

Name	Datatype	Description
`name`	`string`	User name
`comment`	`string`	Comment about the user.
`created_on`	`string`
`custom_landing_page_url`	`string`
`custom_landing_page_url_flush_next_ui_load`	`boolean`	Whether or not to flush the custom landing page of the user on next UI load
`days_to_expiry`	`integer`	How many days until this user expires
`default_namespace`	`string`	The default namespace to use when this user starts a session
`default_role`	`string`	The default role to use when this user starts a session
`default_secondary_roles`	`string`	The default secondary roles of this user to use when starting a session. Only valid set values are ALL or NONE. Default is ALL after 2024-07 BCR.
`default_warehouse`	`string`	The default warehouse to use when this user starts a session
`disabled`	`boolean`	Has this user been disabled from the system
`display_name`	`string`	Display name
`email`	`string`	Email address
`enable_unredacted_query_syntax_error`	`boolean`	Whether to show unredacted query syntax errors in the query history.
`expires_at`	`string`
`ext_authn_duo`	`boolean`
`ext_authn_uid`	`string`
`first_name`	`string`	First name
`has_password`	`boolean`
`has_rsa_public_key`	`boolean`
`last_name`	`string`	Last name
`last_successful_login`	`string`
`locked_until`	`string`
`login_name`	`string`	Login name
`middle_name`	`string`	Middle name
`mins_to_bypass_mfa`	`integer`	How many minutes until MFA is required again
`mins_to_bypass_network_policy`	`integer`	Temporary bypass network policy on the user for a specified number of minutes
`mins_to_unlock`	`integer`	How many minutes until the account is unlocked after multiple failed logins
`must_change_password`	`boolean`	Does this user need to change their password (e.g., after assigning a temp password)
`network_policy`	`string`	Specifies an existing network policy is active for the user. Otherwise, use account default.
`owner`	`string`
`password`	`string`	Password
`password_last_set`	`string`
`rsa_public_key`	`string`	RSA public key of the user
`rsa_public_key_2`	`string`	Second RSA public key of the user
`rsa_public_key_2_fp`	`string`	Fingerprint of the user's second RSA public key
`rsa_public_key_fp`	`string`	Fingerprint of the user's RSA public key
`snowflake_lock`	`boolean`	Whether the user, account, or organization is locked by Snowflake.
`snowflake_support`	`boolean`	Whether Snowflake Support is allowed to use the user or account
`type`	`string`	Indicates the type of user (PERSON \| SERVICE \| LEGACY_SERVICE)

Methods

Name	Accessible by	Required Params	Optional Params	Description
`fetch_user`	`SELECT`	`name, endpoint`	-	Fetch user information using the result of the DESCRIBE command
`list_users`	`SELECT`	`endpoint`	`like`, `startsWith`, `showLimit`, `fromName`	Lists the users in the system.
`create_user`	`INSERT`	`data__name, endpoint`	`createMode`	Create a user according to the parameters given
`delete_user`	`DELETE`	`name, endpoint`	`ifExists`	Delete a user with the given name.
`create_or_alter_user`	`REPLACE`	`name, data__name, endpoint`	-	Create a (or alter an existing) user. Even if the operation is just an alter, the full property set must be provided. Note that password is not currently altered by this operation but is supported for a newly-created object.

Optional Parameter Details

Name	Description	Type	Default
`createMode`	Query parameter allowing support for different modes of resource creation. Possible values include: - `errorIfExists`: Throws an error if you try to create a resource that already exists. - `orReplace`: Automatically replaces the existing resource with the current one. - `ifNotExists`: Creates a new resource when an alter is requested for a non-existent resource.	`string`	`errorIfExists`
`fromName`	Query parameter to enable fetching rows only following the first row whose object name matches the specified string. Case-sensitive and does not have to be the full name.	`string`	`-`
`ifExists`	Query parameter that specifies how to handle the request for a resource that does not exist: - `true`: The endpoint does not throw an error if the resource does not exist. It returns a 200 success response, but does not take any action on the resource. - `false`: The endpoint throws an error if the resource doesn't exist.	`boolean`	`false`
`like`	Query parameter to filter the command output by resource name. Uses case-insensitive pattern matching, with support for SQL wildcard characters.	`string`	`-`
`showLimit`	Query parameter to limit the maximum number of rows returned by a command.	`integer`	`-`
`startsWith`	Query parameter to filter the command output based on the string of characters that appear at the beginning of the object name. Uses case-sensitive pattern matching.	`string`	`-`

`SELECT` examples

list_users
fetch_user

Lists the users in the system.

SELECT
name,
comment,
created_on,
custom_landing_page_url,
custom_landing_page_url_flush_next_ui_load,
days_to_expiry,
default_namespace,
default_role,
default_secondary_roles,
default_warehouse,
disabled,
display_name,
email,
enable_unredacted_query_syntax_error,
expires_at,
ext_authn_duo,
ext_authn_uid,
first_name,
has_password,
has_rsa_public_key,
last_name,
last_successful_login,
locked_until,
login_name,
middle_name,
mins_to_bypass_mfa,
mins_to_bypass_network_policy,
mins_to_unlock,
must_change_password,
network_policy,
owner,
password,
password_last_set,
rsa_public_key,
rsa_public_key_2,
rsa_public_key_2_fp,
rsa_public_key_fp,
snowflake_lock,
snowflake_support,
type
FROM snowflake.user.users
WHERE endpoint = '{{ endpoint }}';

Fetch user information using the result of the DESCRIBE command

SELECT
name,
comment,
created_on,
custom_landing_page_url,
custom_landing_page_url_flush_next_ui_load,
days_to_expiry,
default_namespace,
default_role,
default_secondary_roles,
default_warehouse,
disabled,
display_name,
email,
enable_unredacted_query_syntax_error,
expires_at,
ext_authn_duo,
ext_authn_uid,
first_name,
has_password,
has_rsa_public_key,
last_name,
last_successful_login,
locked_until,
login_name,
middle_name,
mins_to_bypass_mfa,
mins_to_bypass_network_policy,
mins_to_unlock,
must_change_password,
network_policy,
owner,
password,
password_last_set,
rsa_public_key,
rsa_public_key_2,
rsa_public_key_2_fp,
rsa_public_key_fp,
snowflake_lock,
snowflake_support,
type
FROM snowflake.user.users
WHERE name = '{{ name }}'
AND endpoint = '{{ endpoint }}';

`INSERT` example

Use the following StackQL query and manifest file to create a new users resource.

Required Properties
All Properties
Manifest

/*+ create */
INSERT INTO snowflake.user.users (
data__name,
data__password,
data__login_name,
data__display_name,
data__first_name,
data__middle_name,
data__last_name,
data__email,
data__must_change_password,
data__disabled,
data__days_to_expiry,
data__mins_to_unlock,
data__default_warehouse,
data__default_namespace,
data__default_role,
data__default_secondary_roles,
data__mins_to_bypass_mfa,
data__rsa_public_key,
data__rsa_public_key_2,
data__comment,
data__type,
data__enable_unredacted_query_syntax_error,
data__network_policy,
endpoint
)
SELECT 
'{{ name }}',
'{{ password }}',
'{{ login_name }}',
'{{ display_name }}',
'{{ first_name }}',
'{{ middle_name }}',
'{{ last_name }}',
'{{ email }}',
'{{ must_change_password }}',
'{{ disabled }}',
'{{ days_to_expiry }}',
'{{ mins_to_unlock }}',
'{{ default_warehouse }}',
'{{ default_namespace }}',
'{{ default_role }}',
'{{ default_secondary_roles }}',
'{{ mins_to_bypass_mfa }}',
'{{ rsa_public_key }}',
'{{ rsa_public_key_2 }}',
'{{ comment }}',
'{{ type }}',
'{{ enable_unredacted_query_syntax_error }}',
'{{ network_policy }}',
'{{ endpoint }}'
;

/*+ create */
INSERT INTO snowflake.user.users (
data__name,
endpoint
)
SELECT 
'{{ name }}',
'{{ endpoint }}'
;

# Description fields below are for documentation purposes only and are not required in the manifest
- name: users
  props:
    - name: data__name
      value: string
    - name: endpoint
      value: string
    - name: name
      value: string
      description: User name
    - name: password
      value: string
      description: Password
    - name: login_name
      value: string
      description: Login name
    - name: display_name
      value: string
      description: Display name
    - name: first_name
      value: string
      description: First name
    - name: middle_name
      value: string
      description: Middle name
    - name: last_name
      value: string
      description: Last name
    - name: email
      value: string
      description: Email address
    - name: must_change_password
      value: boolean
      description: >-
        Does this user need to change their password (e.g., after assigning a
        temp password)
    - name: disabled
      value: boolean
      description: Has this user been disabled from the system
    - name: days_to_expiry
      value: integer
      description: How many days until this user expires
    - name: mins_to_unlock
      value: integer
      description: >-
        How many minutes until the account is unlocked after multiple failed
        logins
    - name: default_warehouse
      value: string
      description: The default warehouse to use when this user starts a session
    - name: default_namespace
      value: string
      description: The default namespace to use when this user starts a session
    - name: default_role
      value: string
      description: The default role to use when this user starts a session
    - name: default_secondary_roles
      value: string
      description: >-
        The default secondary roles of this user to use when starting a session.
        Only valid set values are ALL or NONE. Default is ALL after 2024-07 BCR.
    - name: mins_to_bypass_mfa
      value: integer
      description: How many minutes until MFA is required again
    - name: rsa_public_key
      value: string
      description: RSA public key of the user
    - name: rsa_public_key_2
      value: string
      description: Second RSA public key of the user
    - name: comment
      value: string
      description: Comment about the user.
    - name: type
      value: string
      description: Indicates the type of user (PERSON \| SERVICE \| LEGACY_SERVICE)
    - name: enable_unredacted_query_syntax_error
      value: boolean
      description: Whether to show unredacted query syntax errors in the query history.
    - name: network_policy
      value: string
      description: >-
        Specifies an existing network policy is active for the user. Otherwise,
        use account default.

`REPLACE` example

Replaces all fields in the specified users resource.

/*+ update */
REPLACE snowflake.user.users
SET 
name = '{{ name }}',
password = '{{ password }}',
login_name = '{{ login_name }}',
display_name = '{{ display_name }}',
first_name = '{{ first_name }}',
middle_name = '{{ middle_name }}',
last_name = '{{ last_name }}',
email = '{{ email }}',
must_change_password = true|false,
disabled = true|false,
days_to_expiry = '{{ days_to_expiry }}',
mins_to_unlock = '{{ mins_to_unlock }}',
default_warehouse = '{{ default_warehouse }}',
default_namespace = '{{ default_namespace }}',
default_role = '{{ default_role }}',
default_secondary_roles = '{{ default_secondary_roles }}',
mins_to_bypass_mfa = '{{ mins_to_bypass_mfa }}',
rsa_public_key = '{{ rsa_public_key }}',
rsa_public_key_2 = '{{ rsa_public_key_2 }}',
comment = '{{ comment }}',
type = '{{ type }}',
enable_unredacted_query_syntax_error = true|false,
network_policy = '{{ network_policy }}'
WHERE 
name = '{{ name }}'
AND data__name = '{{ data__name }}'
AND endpoint = '{{ endpoint }}';

`DELETE` example

Deletes the specified users resource.

/*+ delete */
DELETE FROM snowflake.user.users
WHERE name = '{{ name }}'
AND endpoint = '{{ endpoint }}';

Overview​

Fields​

Methods​

SELECT examples​

INSERT example​

REPLACE example​

DELETE example​