Granting privileges on these objects effectively adds the objects to the share, which can then be shared with one or more consumer accounts. Note that the owner role does not inherit any permissions granted to the owned role. TO Specifies the identifier for the share from which the specified privilege is granted. We can create it in two ways: we can create the database using the CREATE DATABASE statement. Grants all privileges, except OWNERSHIP, on the task. Enables creating a new Column-level Security masking policy in a schema. share returns an error. Operating on a table also requires the USAGE privilege on the parent database and schema. Enables roles other than the owning role to modify a Snowflake Marketplace or Data Exchange listing. The following privileges apply to both standard and materialized views. hierarchy). Only a single role can hold this privilege on a specific object at a time. Enables referencing the storage integration when creating a stage (using CREATE STAGE) or modifying a stage (using ALTER STAGE). Note that in a managed access schema, only the schema owner (i.e. the role with the OWNERSHIP privilege on the schema) or a role with the MANAGE GRANTS privilege can grant or revoke privileges on objects in the schema, including future grants. Enables altering any properties of a resource monitor, such as changing the monthly credit quota. Alternatively, use a role with the global MANAGE GRANTS privilege. In managed schemas, the schema owner manages all privilege grants, including future grants, on objects in the schema. For more details, see Understanding & Using Time Travel. Granting a role to another role creates a "parent-child" relationship between the roles (also referred to as a role hierarchy). Grants full control over an integration.
For tables, the privilege also grants the ability to reference the object as the unique/primary key table for a foreign key constraint. privileges at a minimum: Can create both regular and managed access schemas. Grants full control over the view. Enables altering any settings of a database. Figure 2: Snowflake schema representation in SAP Data Warehouse Cloud source hierarchy. The following statement grants the USAGE privilege on the database rocketship to the role engineer:

GRANT USAGE ON DATABASE rocketship TO ROLE engineer;

If an active role holds the global MANAGE GRANTS privilege, the grantor role is the object owner, not the role that held the

+-------------------------------+--------------------+------------+------------+---------------+--------------+-----------------------------------------------------------+---------+----------------+
| created_on                    | name               | is_default | is_current | database_name | owner        | comment                                                   | options | retention_time |
|-------------------------------+--------------------+------------+------------+---------------+--------------+-----------------------------------------------------------+---------+----------------|
| 2018-12-10 09:34:02.127 -0800 | INFORMATION_SCHEMA | N          | N          | MYDB          |              | Views describing the contents of schemas in this database |         | 1              |
| 2018-12-10 09:33:56.793 -0800 | MYSCHEMA           | N          | Y          | MYDB          | PUBLIC       |                                                           |         | 1              |
| 2018-11-26 06:08:24.263 -0800 | PUBLIC             | N          | N          | MYDB          | PUBLIC       |                                                           |         | 1              |
+-------------------------------+--------------------+------------+------------+---------------+--------------+-----------------------------------------------------------+---------+----------------+

+-------------------------------+--------------------+------------+------------+---------------+--------------+-----------------------------------------------------------+-----------+----------------+
| created_on                    | name               | is_default | is_current | database_name | owner        | comment                                                   | options   | retention_time |
|-------------------------------+--------------------+------------+------------+---------------+--------------+-----------------------------------------------------------+-----------+----------------|
| 2018-12-10 09:34:02.127 -0800 | INFORMATION_SCHEMA | N          | N          | MYDB          |              | Views describing the contents of schemas in this database |           | 1              |
| 2018-12-10 09:33:56.793 -0800 | MYSCHEMA           | N          | Y          | MYDB          | PUBLIC       |                                                           |           | 1              |
| 2018-11-26 06:08:24.263 -0800 | PUBLIC             | N          | N          | MYDB          | PUBLIC       |                                                           |           | 1              |
| 2018-12-10 09:35:32.326 -0800 | TSCHEMA            | N          | Y          | MYDB          | PUBLIC       |                                                           | TRANSIENT | 1              |
+-------------------------------+--------------------+------------+------------+---------------+--------------+-----------------------------------------------------------+-----------+----------------+

+-------------------------------+--------------------+------------+------------+---------------+--------------+-----------------------------------------------------------+----------------+----------------+
| created_on                    | name               | is_default | is_current | database_name | owner        | comment                                                   | options        | retention_time |
|-------------------------------+--------------------+------------+------------+---------------+--------------+-----------------------------------------------------------+----------------+----------------|
| 2018-12-10 09:34:02.127 -0800 | INFORMATION_SCHEMA | N          | N          | MYDB          |              | Views describing the contents of schemas in this database |                | 1              |
| 2018-12-10 09:36:47.738 -0800 | MSCHEMA            | N          | Y          | MYDB          | ROLE1        |                                                           | MANAGED ACCESS | 1              |
| 2018-12-10 09:33:56.793 -0800 | MYSCHEMA           | N          | Y          | MYDB          | PUBLIC       |                                                           |                | 1              |
| 2018-11-26 06:08:24.263 -0800 | PUBLIC             | N          | N          | MYDB          | PUBLIC       |                                                           |                | 1              |
| 2018-12-10 09:35:32.326 -0800 | TSCHEMA            | N          | Y          | MYDB          | PUBLIC       |                                                           | TRANSIENT      | 1              |
+-------------------------------+--------------------+------------+------------+---------------+--------------+-----------------------------------------------------------+----------------+----------------+

Grants the ability to execute a TRUNCATE TABLE command on the table. Grants the ability to execute a USE