Table: snowflake_database_grant - Query Snowflake Database Grants using SQL
Snowflake Database Grant is a feature within Snowflake's data cloud platform that allows you to manage and assign permissions to roles and users. It is a crucial aspect of Snowflake's security model, enabling you to control who has access to your data and what they can do with it. Snowflake Database Grant helps you maintain a secure and compliant data environment by ensuring the right access levels are assigned to the right roles and users.
Table Usage Guide
The snowflake_database_grant table provides insights into the database grants within Snowflake's data cloud platform. As a Database Administrator, you can explore grant-specific details through this table, including roles, users, and the specific permissions assigned to them. Utilize it to uncover information about database access levels, such as those with full permissions, the roles assigned to specific users, and the verification of user privileges.
Examples
Basic info
Explore which privileges have been granted to different users in a specific database. This can help in managing user access and maintaining database security.
select database, privilege, grantee_name, granted_to, grant_optionfrom snowflake_database_grantwhere database = 'SNOWFLAKE';select database, privilege, grantee_name, granted_to, grant_optionfrom snowflake_database_grantwhere database = 'SNOWFLAKE';List grants for all databases
Explore which privileges have been granted to various users across all databases. This can be useful for assessing security measures and understanding user access levels in a Snowflake environment.
select database, privilege, grantee_name, granted_to, grant_optionfrom snowflake_database_grant inner join snowflake_database on snowflake_database_grant.database = snowflake_database.name;select database, privilege, grantee_name, granted_to, grant_optionfrom snowflake_database_grant inner join snowflake_database on snowflake_database_grant.database = snowflake_database.name;Schema for snowflake_database_grant
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| account | text | =, !=, ~~, ~~*, !~~, !~~* | The Snowflake account ID. |
| created_on | timestamp with time zone | Date and time when the access was granted. | |
| database | text | = | Name of the database. |
| grant_option | boolean | If set to TRUE, the recipient role can grant the privilege to other roles. | |
| granted_by | text | Identifier for the object that granted the privilege. | |
| granted_on | text | Type of the object. | |
| granted_to | text | Type of the object role has been granted. | |
| grantee_name | text | Name of the object role has been granted. | |
| privilege | text | A defined level of access to an database. | |
| region | text | The Snowflake region in which the account is located. | |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- snowflakeYou can pass the configuration to the command with the --config argument:
steampipe_export_snowflake --config '<your_config>' snowflake_database_grant