Skip to content

Commit

Permalink
Fix grant query and exclusion of snowflake database
Browse files Browse the repository at this point in the history
  • Loading branch information
@pei0804
pei0804 committed Dec 13, 2023
1 parent c86801d commit 7d11b6b
Showing 1 changed file with 14 additions and 6 deletions.
20 changes: 14 additions & 6 deletions macros/utils/cross_db_utils/get_profile_creation_query.sql
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,23 +37,31 @@ CREATE OR REPLACE PROCEDURE ELEMENTARY_GRANT_INFO_SCHEMA_ACCESS(database_name ST
AS
$$
BEGIN
GRANT USAGE,MONITOR ON DATABASE IDENTIFIER(:database_name) TO ROLE IDENTIFIER(:role_name);
GRANT USAGE,MONITOR ON ALL SCHEMAS IN DATABASE {{ database }} TO ROLE IDENTIFIER(:role_name);
GRANT USAGE,MONITOR ON FUTURE SCHEMAS IN DATABASE {{ database }} TO ROLE identifier(:role_name);
-- Database level privileges
GRANT USAGE ON DATABASE IDENTIFIER(:database_name) TO ROLE IDENTIFIER(:role_name);
GRANT MONITOR ON DATABASE IDENTIFIER(:database_name) TO ROLE IDENTIFIER(:role_name);

-- Schema level privileges
GRANT USAGE ON ALL SCHEMAS IN DATABASE IDENTIFIER(:database_name) TO ROLE IDENTIFIER(:role_name);
GRANT USAGE ON FUTURE SCHEMAS IN DATABASE IDENTIFIER(:database_name) TO ROLE IDENTIFIER(:role_name);

-- Table and view level privileges
GRANT REFERENCES ON ALL TABLES IN DATABASE IDENTIFIER(:database_name) TO ROLE IDENTIFIER(:role_name);
GRANT REFERENCES ON ALL VIEWS IN DATABASE IDENTIFIER(:database_name) TO ROLE IDENTIFIER(:role_name);
GRANT REFERENCES ON ALL EXTERNAL TABLES IN DATABASE IDENTIFIER(:database_name) TO ROLE IDENTIFIER(:role_name);

GRANT REFERENCES ON FUTURE TABLES IN DATABASE IDENTIFIER(:database_name) TO ROLE IDENTIFIER(:role_name);
GRANT REFERENCES ON FUTURE VIEWS IN DATABASE IDENTIFIER(:database_name) TO ROLE IDENTIFIER(:role_name);
GRANT REFERENCES ON FUTURE EXTERNAL TABLES IN DATABASE IDENTIFIER(:database_name) TO ROLE IDENTIFIER(:role_name);
END;
$$
;

{%- set databases = elementary.get_configured_databases_from_graph() %}
{% for database in databases -%}
{%- set databases = elementary.get_configured_databases_from_graph()%}
{# see The snowflake database is not included in the monitoring target. #}
{% for database in databases %}
{% if database|lower == 'snowflake' %}
{% continue %}
{% endif %}
CALL ELEMENTARY_GRANT_INFO_SCHEMA_ACCESS('{{ database }}', $elementary_role);
{% endfor %}

Expand Down

0 comments on commit 7d11b6b

Please sign in to comment.