Steampipe unbundled →
Steampipe Hub 
Hub
Plugins
turbot/snowflake
Overview
18Tables
Versions
PowerpipeMods
GitHub
steampipe plugin install snowflake

Table: snowflake_database_grant - Query Snowflake Database Grants using SQL

Snowflake Database Grant is a feature within Snowflake's data cloud platform that allows you to manage and assign permissions to roles and users. It is a crucial aspect of Snowflake's security model, enabling you to control who has access to your data and what they can do with it. Snowflake Database Grant helps you maintain a secure and compliant data environment by ensuring the right access levels are assigned to the right roles and users.

Table Usage Guide

The snowflake_database_grant table provides insights into the database grants within Snowflake's data cloud platform. As a Database Administrator, you can explore grant-specific details through this table, including roles, users, and the specific permissions assigned to them. Utilize it to uncover information about database access levels, such as those with full permissions, the roles assigned to specific users, and the verification of user privileges.

Examples

Basic info

Explore which privileges have been granted to different users in a specific database. This can help in managing user access and maintaining database security.

select
  database,
  privilege,
  grantee_name,
  granted_to,
  grant_option
from
  snowflake_database_grant
where
  database = 'SNOWFLAKE';
select
  database,
  privilege,
  grantee_name,
  granted_to,
  grant_option
from
  snowflake_database_grant
where
  database = 'SNOWFLAKE';

List grants for all databases

Explore which privileges have been granted to various users across all databases. This can be useful for assessing security measures and understanding user access levels in a Snowflake environment.

select
  database,
  privilege,
  grantee_name,
  granted_to,
  grant_option
from
  snowflake_database_grant
  inner join snowflake_database on snowflake_database_grant.database = snowflake_database.name;
select
  database,
  privilege,
  grantee_name,
  granted_to,
  grant_option
from
  snowflake_database_grant
  inner join snowflake_database on snowflake_database_grant.database = snowflake_database.name;

Schema for snowflake_database_grant

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
accounttextThe Snowflake account ID.
created_ontimestamp with time zoneDate and time when the access was granted.
databasetext=Name of the database.
grant_optionbooleanIf set to TRUE, the recipient role can grant the privilege to other roles.
granted_bytextIdentifier for the object that granted the privilege.
granted_ontextType of the object.
granted_totextType of the object role has been granted.
grantee_nametextName of the object role has been granted.
privilegetextA defined level of access to an database.
regiontextThe Snowflake region in which the account is located.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- snowflake

You can pass the configuration to the command with the --config argument:

steampipe_export_snowflake --config '<your_config>' snowflake_database_grant