'Can we grant select or insert to a user on table with out creating a role in snowflake?

Can we grant direct select or insert access( with out creating a role ) to a user on a table ?

snowflake-cloud-data-platformsnowflake-schemasnowflake-task


Solution 1:[1]

No, you cannot. Snowflake uses Role-based Access Control (RBAC):

https://docs.snowflake.com/en/user-guide/security-access-control-overview.html#access-control-framework

Therefore, all access on a table should be granted through a role.

https://docs.snowflake.com/en/sql-reference/ddl-user-security.html#access-control-management

Of course you can use "existing roles" instead of "creating a new one".

Solution 2:[2]

The short answer is NO - you can only grant access to a ROLE - never directly to a USER.

In Snowflake, everything is accessed via a ROLE. See this diagram:

RBAC: USERS, ROLES and SECURABLE OBJECTS

From this article: https://www.analytics.today/blog/introducing-snowflake-rbac

In summary:

  • USERS are granted one or more ROLES
  • A ROLE is granted PRIVILEGES (for example, insert, update, delete) on SECURABLE OBJECTS (for example a TABLE or VIEW)

Even the concept of OWNERSHIP is different in Snowflake. Every USER with the same ROLE shares access to the OBJECTS. This has some unusual results.

For example:

If a USER creates a TABLE - everyone with the same ROLE has OWNERSHIP on the table.

You can read more about Snowflake RBAC on this article - which also links to another two which explain best practices on how to deploy. https://www.analytics.today/blog/introducing-snowflake-rbac

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Gokhan Atil
Solution 2 John Ryan

Related Questions

HHH000339: Could not obtain connection metadata net.snowflake.client.jdbc.SnowflakeLoggedFeatureNotSupportedException

Easter / Good Friday for Sowflake Date Dim

How to Connect with Dbeaver on Snowflake (DUO Push)

OperationalError: 250003: Failed to get the response. Hanging? method: post

How to parse the following JSON to retrieve the name of the item in snowflake sql?

converting string to date using TO_DATE for MM/DD/YY gives wrong values for dates before 1970 [snowflake-cloud-data-platform]

Execute Multiple SQL Insert Statements in parallel in Snowflake

Unpivot multiple columns in Snowflake

Translating an Excel concept into SQL

Error while working on Automation Grant Access to database views / tables in snowflake schema

Why isn't snowsql opening an external browser?

Snowpark connection errors with 0.6.0 jar

Snowflake-Jitterbit Connector Error: net.snowflake.client.jdbc.SnowflakeSQLException: No active warehouse selected in the current session

How to delete Duplicate records in snowflake database table

How to get count of tables present in a particular schema in snowflake?