-
Notifications
You must be signed in to change notification settings - Fork 42
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature] Support for database roles #700
Open
3 tasks done
Labels
Comments
seediang
added
type:enhancement
New feature request
triage:product
In Product's queue
labels
Oct 12, 2024
This was referenced Oct 12, 2024
Here is a workaround. With grants defined as: models:
- name: MODEL_NAME_1
config:
grants:
# Object type must be specified: ROLE or DATABASE ROLE
select: ['ROLE ROLE_NAME', 'DATABASE ROLE DB_ROLE_NAME', ...]
insert: ['ROLE ROLE_NAME', 'DATABASE ROLE DB_ROLE_NAME, ...] The workaround itself
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Is this your first time submitting a feature request?
Describe the feature
This feature request is for dbt-snowflake to include support for database roles.
There is already a request against the dbt-core project dbt-labs/dbt-core#10587 but raising here for visibility. This request also shows there is synergy with other adapter plugins looking for better support around grants.
There is also a really nice looking pattern suggested by @dbeatty10 on feature request #dbt-core/10587 for how something like this might be implemented from a user point of view.
Describe alternatives you've considered
Today, I actually work around this issue by overriding macros get_grant_sql & get_revoke_sql to perform database role grants instead on account-level role grants. Unfortunately, dbt-labs/dbt-snowflake#1188 will close this loop hole and break the technique. This is the real reason behind this request.
Who will this benefit?
I am strongly opinionated here, database roles can be created and managed with a lower level of privilege than account level roles. This will allow Analytics Engineers to better control and setup data access patterns, without having to coordinate with a central admin or platform team. The more dbt can be used to manage the desired end state the better the dbt experience. Who knows where this could go, perhaps in the future dbt could automatically create any missing database roles defined in the grants.
Are you interested in contributing this feature?
yes
Anything else?
No response
The text was updated successfully, but these errors were encountered: