Using Grants in a target-specific way

Hello ,
Dbt version :1.2
We have 3 git branches
develop - pointing to GCP dev project
uat - pointing to GCP uat project
prod - pointing to GCP prod project.
If we use the Grant in models/schema.yml file as below , when the models gets executed in dev,uat and prod the required access will granted in all the 3 environments.

  • name: student
    description: “student table”
    roles/bigquery.dataViewer: [‘’]

I want this role to be granted in specific target . For eg: i want above grant to be applied in uat environment only.

Any thoughts on this and how to achieve the same.

Thanks in Advance

Do you mean that there are certain users who should only have dataViewer access to the UAT versions of the tables?

Yes, User should have view access to UAT environment only. The same user should not have access to dev and prod environment even if we ran the models in dev and prod.

OK I spent some time looking at the documentation today and I don’t think that’s currently supported with the grants out of the box, so you have a few options:

Hello ,

Is this option possible in sql model??

{{ config(materialized=‘table’ }}

{% if == ‘uat’ %}
{{ config(grants = {‘roles/bigquery.dataViewer’: [‘’]}) }}
{% endif %}

select *
from …

I think we can multiple config in sql model. Please correct me if am wrong.? if yes, think Above should should work?


That’s a really good idea! I don’t know if it would work offhand, but please give it a go and report back!


It work’s , I have defined it as below.

{% if == 'dev' %}
    {{ config(grants = {'roles/bigquery.dataViewer': ['']}) }}

{% elif == 'uat' %}
    {{ config(grants = {'roles/bigquery.dataViewer': ['']}) }}

{% elif == 'prod' %}
    {{ config(grants = {'roles/bigquery.dataViewer': ['']}) }}
{% endif %} 

But we don’t want this to be added in SQL Models.

We need it to be part of models/schema.yml file.

Can you please share the Git dbt core repo details so that i can raise ticket.

Minhaj Pasha

This is good to know! Thanks for reporting back.

Understood - the issues page for the Core repo is Issues · dbt-labs/dbt-core · GitHub.

I’m going to mark your post as the solution - although it doesn’t work for your use case, it might be useful for other people who come across this in the future :star2:

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.