An Overview of Snowflake Roles
April 9, 2021
The privileges are granted or withdrawn to the roles along any secure object. Roles are then given to different users to enable them to do different business management activities in the organization. More than one role can be assigned to a user. It enables users to exchange roles (i.e. select whichever role is actively useable in the present Snowflake period) to do different business activates with particular number of privileges.
A role is not only granted to other users but also to the roles, making a stake of roles. The rights linked with the role are associated by senior roles.
There’re more than a few system-created Snowflake roles. A user with the right access can modify the system-created roles and accordingly can also generate any role according to the needs.
System-Created Roles in Snowflake
It includes the SECURITYADMIN and SYSADMIN roles created by system. It’s the most important and has highest authority and cannot be granted to multiple users. It is only granted to only a few important users.
This role is to organize the grants all over the system in addition it can also create, track, and organize any user or role. More exactly, it:
- Has MANAGE-GRANTS, a security-related privilege, so it can change the grants in addition to canceling it.
- Shares the USERADMIN role’s privilege in system
It is granted to the users for management of roles. More exactly, it:
- Has the privileges of CREATE-ROLE and CREATE-USER.
- Has the privileges to generate a user and role in system.
It cannot deal with all users and roles. It can manage only the roles and uses that are owned by it. It can change the properties of only a role which OWNERSHIP privilege, it has. Moreover, to perform all these activities, it has to be granted the privileges of CREATE-ROLE or CREATE-USER.