snowflake.core.role.RoleResource¶

class snowflake.core.role.RoleResource(name: str, collection: RoleCollection)¶

Bases: ObjectReferenceMixin[RoleCollection]

Represents a reference to a Snowflake role.

With this role reference, you can delete roles.

Attributes

root¶

The Root object this reference belongs to.

Methods

delete() → None¶

The delete() method is deprecated; use drop() instead.

drop(if_exists: bool | None = None) → None¶

Drop this role.

Parameters:

if_exists (bool, optional) – Check the existence of this role before dropping it. Default is None, which is equivalent to False.

Examples

Deleting a role using its reference:

>>> role_reference.drop()

Copy

drop_async(if_exists: bool | None = None) → PollingOperation[None]¶

An asynchronous version of drop().

Refer to PollingOperation for more information on asynchronous execution and the return type.

grant_future_privileges(privileges: list[str], securable_type: str, containing_scope: ContainingScope, grant_option: bool | None = None) → None¶

Grant privileges on all future securables matching the criteria to this role.

Parameters:

• privileges (list[str]) – The list of privileges to be granted.

• securable_type (str) – The type of securable on which the privileges would be granted.

• containing_scope (ContainingScope) – The criteria to match the securables.

• grant_option (bool, optional) – If True, the grantee can grant the privilege to others. Default is None which means False.

Examples

Using a role reference to grant privileges on all future schemas in a database to it:

>>> reference_role.grant_future_privileges(
...     ["CREATE", "USAGE"], "schema", ContainingScope(database="test_db")
... )

Copy

grant_future_privileges_async(privileges: list[str], securable_type: str, containing_scope: ContainingScope, grant_option: bool | None = None) → PollingOperation[None]¶

An asynchronous version of grant_future_privileges().

Refer to PollingOperation for more information on asynchronous execution and the return type.

grant_privileges(privileges: list[str], securable_type: str, securable: Securable | None = None, grant_option: bool | None = None) → None¶

Grant privileges on a securable to this role.

Parameters:

• privileges (list[str]) – The list of privileges to be granted.

• securable_type (str) – The type of securable on which the privileges would be granted.

• securable (Securable, optional) – The securable on which the privileges would be granted. Default is None.

• grant_option (bool, optional) – If True, the grantee can grant the privilege to others. Default is None which means False.

Examples

Using a role reference to grant privileges to it:

>>> reference_role.grant_privileges(["CREATE", "USAGE"], "database", Securable(database="test_db"))

Copy

grant_privileges_async(privileges: list[str], securable_type: str, securable: Securable | None = None, grant_option: bool | None = None) → PollingOperation[None]¶

An asynchronous version of grant_privileges().

Refer to PollingOperation for more information on asynchronous execution and the return type.

grant_privileges_on_all(privileges: list[str], securable_type: str, containing_scope: ContainingScope, grant_option: bool | None = None) → None¶

Grant privileges on all securables matching the criteria to this role.

Parameters:

• privileges (list[str]) – The list of privileges to be granted.

• securable_type (str) – The type of securable on which the privileges would be granted.

• containing_scope (ContainingScope) – The criteria to match the securables.

• grant_option (bool, optional) – If True, the grantee can grant the privilege to others. Default is None which means False.

Examples

Using a role reference to grant privileges on all schemas in a database to it:

>>> reference_role.grant_privileges_on_all(
...     ["CREATE", "USAGE"], "schema", ContainingScope(database="test_db")
... )

Copy

grant_privileges_on_all_async(privileges: list[str], securable_type: str, containing_scope: ContainingScope, grant_option: bool | None = None) → PollingOperation[None]¶

An asynchronous version of grant_privileges_on_all().

Refer to PollingOperation for more information on asynchronous execution and the return type.

grant_role(role_type: str, role: Securable) → None¶

Grant a role to this role.

Parameters:

• role_type (str) – The type of role which would be granted.

• role (Securable) – The role which would be granted.

Examples

Using a role reference to grant a role to it:

>>> reference_role.grant("role", Securable(name="test_role"))

Copy

grant_role_async(role_type: str, role: Securable) → PollingOperation[None]¶

An asynchronous version of grant_role().

Refer to PollingOperation for more information on asynchronous execution and the return type.

iter_future_grants_to(show_limit: int | None = None) → Iterator[Grant]¶

List future grants to this role.

Lists all privileges on new (i.e. future) objects of a specified type in a database or schema granted to the role.

Parameters:

show_limit (int, optional) – Limit of the maximum number of rows returned by iter(). The default is None, which behaves equivalently to show_limit=10000. This value must be between 1 and 10000.

Examples

Using a role reference to list future grants to it:

>>> reference_role.iter_future_grants_to()

Copy

iter_future_grants_to_async(show_limit: int | None = None) → PollingOperation[Iterator[Grant]]¶

An asynchronous version of iter_future_grants_to().

Refer to PollingOperation for more information on asynchronous execution and the return type.

iter_grants_of(show_limit: int | None = None) → Iterator[GrantOf]¶

List grants of this role.

Lists all users and roles to which the role has been granted.

Parameters:

show_limit (int, optional) – Limit of the maximum number of rows returned by iter(). The default is None, which behaves equivalently to show_limit=10000. This value must be between 1 and 10000.

Examples

Using a role reference to list grants of it:

>>> reference_role.iter_grants_of()

Copy

iter_grants_of_async(show_limit: int | None = None) → PollingOperation[Iterator[GrantOf]]¶

An asynchronous version of iter_grants_of().

Refer to PollingOperation for more information on asynchronous execution and the return type.

iter_grants_on(show_limit: int | None = None) → Iterator[GrantOn]¶

List grants on this role.

Lists all privileges that have been granted on the role.

Parameters:

show_limit (int, optional) – Limit of the maximum number of rows returned by iter(). The default is None, which behaves equivalently to show_limit=10000. This value must be between 1 and 10000.

Examples

Using a role reference to list grants on it:

>>> reference_role.iter_grants_on()

Copy

iter_grants_on_async(show_limit: int | None = None) → PollingOperation[Iterator[GrantOn]]¶

An asynchronous version of iter_grants_on().

Refer to PollingOperation for more information on asynchronous execution and the return type.

iter_grants_to(show_limit: int | None = None) → Iterator[Grant]¶

List grants to this role.

Lists all privileges and roles granted to the role.

Parameters:

show_limit (int, optional) – Limit of the maximum number of rows returned by iter(). The default is None, which behaves equivalently to show_limit=10000. This value must be between 1 and 10000.

Examples

Using a role reference to list grants to it:

>>> reference_role.iter_grants_to()

Copy

iter_grants_to_async(show_limit: int | None = None) → PollingOperation[Iterator[Grant]]¶

An asynchronous version of iter_grants_to().

Refer to PollingOperation for more information on asynchronous execution and the return type.

revoke_future_privileges(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → None¶

Revoke privileges on all future securables matching the criteria from this role.

Parameters:

• privileges (list[str]) – The list of privileges to be revoked.

• securable_type (str) – The type of securable on which the privileges would be revoked.

• containing_scope (ContainingScope) – The criteria to match the securables.

• mode (DeleteMode, optional) –

  One of the following enum values.

  DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

  DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

  Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a role reference to revoke privileges on all future schemas in a database from it:

>>> reference_role.revoke_future_privileges(
...     ["CREATE", "USAGE"], "schema", ContainingScope(database="test_db")
... )

Copy

revoke_future_privileges_async(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → PollingOperation[None]¶

An asynchronous version of revoke_future_privileges().

Refer to PollingOperation for more information on asynchronous execution and the return type.

revoke_grant_option_for_future_privileges(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → None¶

Revoke grant option for privileges on all future securables matching the criteria from this role.

Parameters:

• privileges (list[str]) – The list of privileges to be revoked.

• securable_type (str) – The type of securable on which the privileges would be revoked.

• containing_scope (ContainingScope) – The criteria to match the securables.

• mode (DeleteMode, optional) –

  One of the following enum values.

  DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

  DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

  Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a role reference to revoke grant option for privileges on all future schemas in a database from it:

>>> reference_role.revoke_grant_option_for_future_privileges(
...     ["CREATE", "USAGE"], "schema", ContainingScope(database="test_db")
... )

Copy

revoke_grant_option_for_future_privileges_async(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → PollingOperation[None]¶

An asynchronous version of revoke_grant_option_for_future_privileges().

Refer to PollingOperation for more information on asynchronous execution and the return type.

revoke_grant_option_for_privileges(privileges: list[str], securable_type: str, securable: Securable | None = None, mode: DeleteMode | None = None) → None¶

Revoke grant option for privileges on a securable from this role.

Parameters:

• privileges (list[str]) – The list of privileges to be revoked.

• securable_type (str) – The type of securable on which the privileges would be revoked.

• securable (Securable, optional) – The securable on which the privileges would be revoked. Default is None.

• mode (DeleteMode, optional) –

  One of the following enum values.

  DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

  DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

  Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a role reference to revoke grant option for privileges from it:

>>> reference_role.revoke_grant_option_for_privileges(
...     ["CREATE", "USAGE"], "database", Securable(database="test_db")
... )

Copy

revoke_grant_option_for_privileges_async(privileges: list[str], securable_type: str, securable: Securable | None = None, mode: DeleteMode | None = None) → PollingOperation[None]¶

An asynchronous version of revoke_grant_option_for_privileges().

Refer to PollingOperation for more information on asynchronous execution and the return type.

revoke_grant_option_for_privileges_on_all(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → None¶

Revoke grant option for privileges on all securables matching the criteria from this role.

Parameters:

• privileges (list[str]) – The list of privileges to be revoked.

• securable_type (str) – The type of securable on which the privileges would be revoked.

• containing_scope (ContainingScope) – The criteria to match the securables.

• mode (DeleteMode, optional) –

  One of the following enum values.

  DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

  DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

  Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a role reference to revoke grant option for privileges on all schemas in a database from it:

>>> reference_role.revoke_grant_option_for_privileges_on_all(
...     ["CREATE", "USAGE"], "schema", ContainingScope(database="test_db")
... )

Copy

revoke_grant_option_for_privileges_on_all_async(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → PollingOperation[None]¶

An asynchronous version of revoke_grant_option_for_privileges_on_all().

Refer to PollingOperation for more information on asynchronous execution and the return type.

revoke_privileges(privileges: list[str], securable_type: str, securable: Securable | None = None, mode: DeleteMode | None = None) → None¶

Revoke privileges on a securable from this role.

Parameters:

• privileges (list[str]) – The list of privileges to be revoked.

• securable_type (str) – The type of securable on which the privileges would be revoked.

• securable (Securable, optional) – The securable on which the privileges would be revoked. Default is None.

• mode (DeleteMode, optional) –

  One of the following enum values.

  DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

  DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

  Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a role reference to revoke privileges from it:

>>> reference_role.revoke_privileges(["CREATE", "USAGE"], "database", Securable(database="test_db"))

Copy

revoke_privileges_async(privileges: list[str], securable_type: str, securable: Securable | None = None, mode: DeleteMode | None = None) → PollingOperation[None]¶

An asynchronous version of revoke_privileges().

Refer to PollingOperation for more information on asynchronous execution and the return type.

revoke_privileges_on_all(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → None¶

Revoke privileges on all securables matching the criteria from this role.

Parameters:

• privileges (list[str]) – The list of privileges to be revoked.

• securable_type (str) – The type of securable on which the privileges would be revoked.

• containing_scope (ContainingScope) – The criteria to match the securables.

• mode (DeleteMode, optional) –

  One of the following enum values.

  DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

  DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

  Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a role reference to revoke privileges on all schemas in a database from it:

>>> reference_role.revoke_privileges_on_all(
...     ["CREATE", "USAGE"], "schema", ContainingScope(database="test_db")
... )

Copy

revoke_privileges_on_all_async(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → PollingOperation[None]¶

An asynchronous version of revoke_privileges_on_all().

Refer to PollingOperation for more information on asynchronous execution and the return type.

revoke_role(role_type: str, role: Securable) → None¶

Revoke a role from this role.

Parameters:

• role_type (str) – The type of role which would be revoked.

• role (Securable) – The role which would be revoked.

Examples

Using a role reference to revoke a role from it:

>>> reference_role.revoke("role", Securable(name="test_role"))

Copy

revoke_role_async(role_type: str, role: Securable) → PollingOperation[None]¶

An asynchronous version of revoke_role().

Refer to PollingOperation for more information on asynchronous execution and the return type.