We have a Snowflake deployment and have a bunch of analysts and engineers and I’d like them to be able to contribute dbt models for their own areas of expertise. Each of these individual teams has access to different databases/schemas/tables in Snowflake so I’m wondering how they would be able to run dbt in dev-mode successfully without having read permission to all tables that we have available?
Is there a way to scope dbt in such a way that if a developer-analyst executes dbt and specifies a model (say model A) that dbt would initially just read from the production tables/views and only run in “dev mode” for the model-A onwards?
Have other people solved this issue or is it generally assumed that dbt analysts will have read access to the entire database?
I am curious if you solved this, I am running into the same issue. I am thinking of referencing the tables that get created by those other models as sources, that way I can say use the production data instead of needing to build it per-developer. It’s not ideal in many ways, but I can’t see a better way of doing it.
I have an idea for this, though I haven’t deployed it into testing or production yet–but soon.
At the end of a DAG, having a permissioning script be enabled for particular Databases or Schemas. E.g.
For some model fct_model_this
Having a subsequent query:
-- Permissions Overview PseudoQuery
GRANT SELECT ON TABLE {{ ref('fct_model_this') }} TO ROLE analyst;
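One way the end-of-DAG grant proposed in the post above could be wired up, as an added example that is not part of the original thread: a dbt macro called from an `on-run-end` hook that grants SELECT only on models that built successfully in an allowlisted schema. The macro name, the `marts` schema, the `prod` target name and the file path are assumptions; `analyst` is the role from the post.

```sql
{# macros/grant_select_to_role.sql (hypothetical file and macro name) #}
{#
  Wire it up in dbt_project.yml (assumed schema allowlist):

    on-run-end:
      - "{{ grant_select_to_role(results, 'analyst', ['marts']) }}"

  The macro renders one GRANT per model that built successfully in this run
  and lives in an allowlisted schema. Everything else stays ungranted, so the
  analyst role never gains read access beyond the schemas listed.
#}
{% macro grant_select_to_role(results, role, allowed_schemas) %}
  {# Only grant from the production target (assumed to be named 'prod'),
     so developer runs never change permissions. #}
  {% if target.name == 'prod' %}
    {% for res in results %}
      {% set node = res.node %}
      {% if res.status == 'success'
            and node.resource_type == 'model'
            and node.config.materialized in ['table', 'view', 'incremental']
            and (node.schema | lower) in allowed_schemas %}
        {# Snowflake distinguishes tables and views in GRANT statements. #}
        {% set kind = 'view' if node.config.materialized == 'view' else 'table' %}
        grant select on {{ kind }} {{ node.database }}.{{ node.schema }}.{{ node.alias }} to role {{ role }};
      {% endif %}
    {% endfor %}
  {% endif %}
{% endmacro %}
```

The role also needs USAGE on the containing database and schema before the SELECT grants take effect in Snowflake.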