0

I'm trying to restrict read permissions on some entities to a specific user.

In Oracle I'd simply do

GRANT SELECT ON sensitive_schema.my_table1 TO error_2646;
GRANT SELECT ON sensitive_schema.my_table2 TO error_2646;
GRANT SELECT ON sensitive_schema.my_tableN TO error_2646;

or ideally at schema level

GRANT SELECT ON sensitive_schema TO error_2646;

Can I do this in Snowflake? In the documentation it looks like permissions are managed by role in Snowflake and I'd rather not change this person's role.

https://docs.snowflake.com/en/sql-reference/sql/grant-privilege.html

Mark Rotteveel
  • 100,966
  • 191
  • 140
  • 197
Error_2646
  • 2,555
  • 1
  • 10
  • 22
  • Sifted through the recommendations more. Possible duplicate of https://stackoverflow.com/questions/60621280/snowflake-data-sharing-any-way-to-grant-user-specific-access But not exact as "error_2646" is not a shared account in this case – Error_2646 Aug 13 '21 at 14:08

1 Answers1

1

As Snowflake's approch for permission is Role-based Access Control (RBAC) you will not be able to give GRANTS to a specific user.

If you absolutly don't want to work on role for this, maybe you can have a look on Dynamic Data Masking. You will be able to mask data to a specific user using current_user(). But you will have to create a masking policy for every field type you want to mask and apply this policy to every field in your table so i would not recommend this compared to role approach.

CMe
  • 642
  • 3
  • 9
  • Appreciate it. I was figuring so by the documentation but good to have the confirmation that I didn't miss something. – Error_2646 Aug 13 '21 at 14:56