Setting up Snowflake — the exact grant statements we run

leoebfolsom · September 21, 2021, 3:16am

Thank you @claire ! As a novice to warehouse setup, I found this incredibly helpful (same goes for the other related/linked articles you and @jerco have written). Even on my one-person team, I now have users for both superuser leo and regular leo!

I have a question about steps 6 and 7 (I’ll only go through step 6).

In step 6, you write:

claire:

If you do this before you have any data loaded, you can run:

grant usage on database raw to role transformer;
grant usage on future schemas in database raw to role transformer;
grant select on future tables in database raw to role transformer;
grant select on future views in database raw to role transformer;

If you already have data loaded in the raw database, make sure also you run the following to update the permissions

grant usage on all schemas in database raw to role transformer;
grant select on all tables in database raw to role transformer;
grant select on all views in database raw to role

Because I completed the fundamentals course, my raw database already exists and contains data.

So, when I read:

If you do this before you have any data loaded, you can run:

I assumed that I would not run the subsequent four lines of code, because I have data loaded.

But then, when I read the next part:

If you already have data loaded in the raw database, make sure also you run the following to update the permissions

I thought … huh? What do you mean, “make sure you also run”? Was I supposed to have run some of the previous lines?

I had assumed that

grant usage on all schemas in database raw to role transformer;

would be the first line of code I’d run in step 6, because I skipped the previous bit (as instructed, since I already have data loaded).

Exactly which lines of code should I run if I already have data loaded in my raw database?

What I’ve done is the following, a mishmash of the instructions in step 6:

grant usage on database raw to role transformer;
grant usage on all schemas in database raw to role transformer;
grant select on all tables in database raw to role transformer;
grant select on all views in database raw to role transformer;

When I try to run any of the future statements in step 6 (or in step 7), I receive this error:

SQL access control error: Insufficient privileges to operate on database 'RAW'

I understand that the future statements are important:

Everything else should be inherited automatically thanks to those future grants.

And I’m assuming I should run them even if I already have data loaded into my raw database … right?

Apologies for how verbose this is, but I hope it’s clear what I’m confused about! Please redirect me to Slack or somewhere else if there’s a better place for such questions.

Thank you again for the excellent post.

Topic		Replies	Views
The exact privileges we grant to set up Redshift Show and Tell best-practice , redshift , privileges	0	7543	August 20, 2021
How do you manage Snowflake privileges? In-Depth Discussions best-practice , snowflake , privileges	6	9352	April 14, 2021
Completing the Project Wizard Help snowflake , dbt-cloud , getting-started	6	1307	December 11, 2022
Managing Snowflake Permissions with dbt Macros Archive privileges	1	5454	February 3, 2022
[Obsolete] The exact grant statements we use in a dbt project Archive	4	39016	July 10, 2019

Setting up Snowflake — the exact grant statements we run

Related topics