Table: snowflake_view_grant - Query Snowflake View Grants using SQL
Snowflake View Grants represent permissions that are granted to specific views within a Snowflake database. They are a crucial aspect of managing security and access control in Snowflake, ensuring that only authorized users or roles can access and manipulate specific views. They can be used to grant or revoke privileges such as SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, or TRANSFER OWNERSHIP on a specific view to a specific role.
Table Usage Guide
The snowflake_view_grant table provides insights into the permissions granted to specific views within a Snowflake database. As a database administrator or security officer, explore the details of these grants through this table, including the granted role, privilege type, and associated metadata. Utilize it to manage and monitor access control, ensuring that only authorized users or roles can access and manipulate specific views.
Examples
Basic info
Explore which privileges have been granted to specific users within the Snowflake database. This could be particularly useful for administrators looking to review access controls for security purposes.
select view_name, privilege, grantee_name, granted_to, grant_optionfrom snowflake_view_grantwhere view_name = 'ROLES' and database_name = 'SNOWFLAKE' and schema_name = 'ACCOUNT_USAGE';select view_name, privilege, grantee_name, granted_to, grant_optionfrom snowflake_view_grantwhere view_name = 'ROLES' and database_name = 'SNOWFLAKE' and schema_name = 'ACCOUNT_USAGE';List view grants for ACCOUNT_USAGE schema in SNOWFLAKE database
Discover the segments that have been granted access to view certain data in a specific Snowflake database schema. This query is useful for auditing and managing data access permissions in your organization.
select view_name, snowflake_view.database_name, snowflake_view.schema_name, privilege, grantee_name, granted_to, grant_optionfrom snowflake_view_grant inner join snowflake_view on snowflake_view_grant.view_name = snowflake_view.name and snowflake_view_grant.database_name = snowflake_view.database_name and snowflake_view_grant.schema_name = snowflake_view.schema_namewhere snowflake_view_grant.database_name = 'SNOWFLAKE' and snowflake_view_grant.schema_name = 'ACCOUNT_USAGE';select view_name, snowflake_view.database_name, snowflake_view.schema_name, privilege, grantee_name, granted_to, grant_optionfrom snowflake_view_grant inner join snowflake_view on snowflake_view_grant.view_name = snowflake_view.name and snowflake_view_grant.database_name = snowflake_view.database_name and snowflake_view_grant.schema_name = snowflake_view.schema_namewhere snowflake_view_grant.database_name = 'SNOWFLAKE' and snowflake_view_grant.schema_name = 'ACCOUNT_USAGE';Schema for snowflake_view_grant
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| account | text | =, !=, ~~, ~~*, !~~, !~~* | The Snowflake account ID. |
| created_on | timestamp with time zone | Date and time privilege was granted. | |
| database_name | text | = | The name of the database in which the view exists. |
| grant_option | boolean | If set to TRUE, the recipient role can grant the privilege to other roles. | |
| granted_by | text | Name of the object that granted access on the role. | |
| granted_on | text | Date and time when the access was granted. | |
| granted_to | text | Type of the object. | |
| grantee_name | text | Name of the object role has been granted. | |
| privilege | text | A defined level of access to an object. | |
| region | text | The Snowflake region in which the account is located. | |
| schema_name | text | = | The name of the schema in which the view exists. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| view_name | text | = | The name of the view. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- snowflakeYou can pass the configuration to the command with the --config argument:
steampipe_export_snowflake --config '<your_config>' snowflake_view_grant