If you have defined a Snowflake Network Policy, add Narrator's IP. to that policy
Create a user and grant Narrator Access
-- create variables for user / password / role / warehouse / database (needs to be uppercase for objects)
set role_name = 'NARRATOR_ROLE';
set user_name = 'narrator_user';
set user_password = 'password123';
set warehouse_name = 'COMPUTE_WH';
set database_name = 'DOH';
-- change role to securityadmin for user / role steps
use role securityadmin;
-- create role for narrator
create role if not exists identifier($role_name);
grant role identifier($role_name) to role SYSADMIN;
-- create a user for narrator
create user if not exists identifier($user_name)
password = $user_password
default_role = $role_name
default_warehouse = $warehouse_name;
grant role identifier($role_name) to user identifier($user_name);
-- change role to sysadmin for warehouse / database steps
use role sysadmin;
-- grant narrator role access to warehouse
grant USAGE
on warehouse identifier($warehouse_name)
to role identifier($role_name);
-- grant narrator access to database
grant CREATE SCHEMA, MONITOR, USAGE
on database identifier($database_name)
to role identifier($role_name);
-- grant narrator read access to database
grant usage on all schemas in database identifier($database_name) to role identifier($role_name);
grant select on all tables in database identifier($database_name) to role identifier($role_name);
-- grant narrator read access to all future tables database
grant usage on database identifier($database_name) to role identifier($role_name);
-- change role to securityadmin for future schemas role assignment
use role securityadmin;
grant usage on future schemas in database identifier($database_name) to role identifier($role_name);
grant select on future tables in database identifier($database_name) to role identifier($role_name);
commit;
Updated 5 months ago
What's Next
Create your first transformation |