Skip to main content

Role

Configuration can be provided to Snowflake Object Lifecycle Engine for the following operation with roles:

  • Manage Lifecycle of new and existing Role
  • Manage Lifecycle of cloned Role
  • Manage Grants of Role

Supported Parameters#

The engine supports the parameters listed below.

  • COMMENT: Specifies a comment for the role.
    • Configuration key: comment
    • Data Type: String
  • NAMESPACING: Specify whether Prefix or Suffix or both are to be added to Role Name[Doesn't apply to Default Database].
    • Configuration key: namespacing
    • Data Type: String
    • Possible Values:
      • none
      • prefix
      • suffix
      • both(Default)
  • ENVIRONMENT: Specify the environment in which the Role is managed. Regex can be provided as well.
    • Configuration key: environment
    • Data Type: String
  • MANAGE_MODE: Configures what properties to manage for the Role.
    • Configuration key: manage_mode
    • Data Type: String
    • Possible Values:
      • none
      • grants
      • all(Default)
  • ROLES: List of roles to which current roles are granted to.
    • Configuration key: roles
    • Data Type: List
  • USERS: List of users to which current roles are granted to.
    • Configuration key: users
    • Data Type: List

Basic syntax#

roles:  <role-name>:    comment: "COMMENT"    roles:      - <role-name>      - <role-name>    users:      - <user-name>      - <user-name>

Examples#

Role creation#

roles:  DEV_ROLE:    comment: "Role for Ingestion Developers"

Role with Grants to Roles and Users#

roles:  MODELLING_ROLE:    comment: "Role for Ingestion Developers"    roles:      - INGESTION_ROLE      - ACCOUNTADMIN    users:      - DATAOPSADMIN      - INGESTION_USER
Last updated on