Grant role to user in Snowflake
Learn how to grant a role to a user or a role to another role in Snowflake using simple SQL commands.
1. Grant role to a user in Snowflake
2. Grant role to a role in Snowflake
3. Snowflake privileges, roles, and users
Let's start by outlining the general syntax for granting a role to a user or another role in Snowflake:
grant role <name> to { role <parent_role_name> | user <user_name> }
Grant role to a user in Snowflake
Granting a role to a user enables the user to undertake all the operations and privileges that are permitted by the role.
Here is an example where we grant the role engineer
to user1
:
grant role engineer to user user1
Grant role to a role in Snowflake
It’s also possible to grant a role to another role, which creates a “role hierarchy” between the two.
For example, if you have a main sysadmin
role and want to grant a newly created role to that role, then you could do that like so:
grant role engineer to role sysadmin;
This example would make the role sysadmin
the “parent” to the role engineer
in this role to role hierarchy.
Snowflake privileges, roles, and users
Let's now introduce the concept of privileges. A Snowflake privilege is an action that a role can undertake, which is then in-turn granted to a user.
A way to visualise these relationships is:
Privilege -> Role -> User
There are many different types of privileges that a role can receive, but the key ones to know are:
SELECT
: Makes it possible to runselect
commandsUPDATE
: Makes it possible to runupdate
commandsTRUNCATE
: Makes it possible run atruncate table
commandCREATE
: Make it possible to run acreate table
orcreate view
commandINSERT
: Make it possible to run aninsert
command
Related articles
Editing tables
Create table in Snowflake
Create or replace table in Snowflake
Drop table in Snowflake
Delete table in Snowflake
References
Snowflake grant role documentation
Snowflake access control privileges