How to Create User Groups in Snowflake

Question

After creating multiple users in Snowflake, can they be treated as groups? I want to grant a role for each user group.

Hi - that's one of the purposes of using Roles: you assign a role to multiple users and then use that role to reference that group of users — NickW, Aug 09 '22 at 08:13

score 0 · Answer 1 · answered Aug 09 '22 at 09:30

0

The concept of alias (group of users) doesn't exist in Snowflake as such.

answered Aug 09 '22 at 09:30

Srinath Menon

1,479
8
11

score 0 · Answer 2 · answered Aug 14 '22 at 01:23

You can think of a ROLE in Snowflake as a group. In fact, if you automatically provision users with SCIM (such as with azure active directory.) Groups are mapped directly to ROLES in Snowflake.

ROLES are granted to users, and a user can have multiple roles. (just like they could be in multiple groups)

However, ROLES can also be granted to ROLES.

Access Privileges are granted to roles and privileges are inherited. This allows you to map groups to roles (let's call them Functional Roles) but also map privileges to lower-level roles (let's call them Access Roles).

With this pattern, you can contain privileges to ONLY the Access Roles and grant Access Roles, as needed, to the Functional Roles. (which map to your business groups).

(Privileges) -> [ROLE: DB1_SCHEMA1_READ_ONLY] -> [ROLE: HR] -> {User: Janice}

You can read up on this topic in the Snowflake documentation here.

How to Create User Groups in Snowflake

2 Answers2