
RBAC Configuration Management v1 1723989259

Uploaded by

Avinash Reddy

RBAC: Configuration Management

Overview
One of the most important questions that comes up during RBAC management is
how to view granted privileges in Snowflake. This short document gives
insight into that.

RBAC: Observing the “granted privileges”


Topic: Viewing the granted privileges

This usually applies to Snowflake objects. Those objects can be account-level
objects or general Snowflake objects.

Key Information: Applicable to:

Standard objects ⟶ Tables, Views, Procedures, UDFs, File formats, etc.

Account-level objects ⟶ Users, Roles

Commands

Standard objects:
SHOW GRANTS ON <object_type> <object_name>; (the object can be a schema, table, view, etc.)
Explanation: This command shows the privileges that were granted on the
object. See the image below, where the privilege is of type “USAGE”.

Account-level objects:
SHOW GRANTS TO ROLE <role_name>;
SHOW GRANTS TO USER <user_name>;
Explanation: These commands show the current set of privileges granted to a
role, or the current set of roles granted to a user. See the image below to
understand it better.


Column reading

When we execute commands such as SHOW GRANTS ON <object>; or the similar
commands shown above in the console, the output has several columns. These
are the key columns for reading it:

GRANTEE_NAME ⟶ This refers to the “exact name” that receives the grant. It
can be a role, user, table, view, etc. E.g., if grants are given to a role R1,
then the value would be “R1”.

GRANTED_TO ⟶ This refers to the “exact category” that receives the grant. It
can be a role, user, table, view, etc. E.g., if grants are given to a role R1,
then the value would be “Role”.

GRANTED_BY ⟶ This shows which role has given the grants. Example: the
“SECURITYADMIN” role is responsible for managing grants, hence it can appear
as a value in this column.

GRANTED_ON ⟶ This refers to the objects on which the grants have been given,
such as schema, table, view, warehouse, etc.

PRIVILEGE ⟶ This refers to the kind of privilege associated with those
objects, such as USAGE, SELECT, INSERT. “Privilege” and “granted on” can
always be read together to know the grant levels associated with an object.
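Added example (not part of the original document): one way to read these columns as a query instead of by eye, by running SHOW GRANTS and then selecting from its result with RESULT_SCAN. R1 is the example role used above; MY_DB.MY_SCHEMA is a hypothetical schema name. In the actual SHOW output the column names are lowercase, so they are double-quoted here.

```sql
-- Added example. R1 is the document's example role;
-- MY_DB.MY_SCHEMA is a hypothetical schema name (assumption).

-- 1. Privileges currently held by role R1.
SHOW GRANTS TO ROLE R1;

-- RESULT_SCAN must run right after the SHOW statement, in the same session.
-- SHOW output column names are lowercase, so they must be double-quoted.
-- "privilege" and "granted_on" are read together, as described above.
SELECT "privilege",
       "granted_on",
       "name"          AS object_name,
       "granted_to",
       "grantee_name",
       "granted_by",
       "grant_option"
FROM   TABLE(RESULT_SCAN(LAST_QUERY_ID()))
ORDER  BY "granted_on", "name", "privilege";

-- 2. Who holds privileges on one schema, keeping only the rows that
--    deserve a closer look in an access review: OWNERSHIP, or any
--    privilege the grantee is allowed to pass on (grant option).
SHOW GRANTS ON SCHEMA MY_DB.MY_SCHEMA;

SELECT "grantee_name",
       "granted_to",
       "privilege",
       "granted_by"
FROM   TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE  "privilege" = 'OWNERSHIP'
   OR  "grant_option"::STRING ILIKE 'true'   -- cast covers text or boolean
ORDER  BY "grantee_name", "privilege";
```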


Inferences

Viewing granted privileges on objects in Snowflake is crucial for several
reasons, particularly in the context of security, compliance, and efficient
data management. Hence it has to be managed diligently.

Relevant Resources

https://docs.snowflake.com/en/user-guide/security-access-control-configure#label-security-role-hierarchy

https://docs.snowflake.com/en/user-guide/security-access-control-considerations
