snowflake.core.database_role.DatabaseRoleResource¶

class snowflake.core.database_role.DatabaseRoleResource(name: str, collection: DatabaseRoleCollection)¶

Bases: ObjectReferenceMixin[DatabaseRoleCollection]

Represents a reference to a Snowflake database role.

With this database role reference, you can delete roles.

Attributes

database¶

The DatabaseResource this database role belongs to.

root¶

Methods

clone(target_database_role: str, target_database: str | None = None, mode: CreateMode = CreateMode.error_if_exists) → DatabaseRoleResource¶

Drop this database role.

Parameters:

  • target_database_role (str) – The name of the target database role to clone the database role to.

  • target_database (str, optional) – The name of the target database to clone the database role to. If not provided, the current database is used.

  • mode (CreateMode, optional) –

    One of the following enum values.

    CreateMode.error_if_exists: Throw an snowflake.core.exceptions.ConflictError if the database role already exists in Snowflake. Equivalent to SQL create database role <name> ....

    CreateMode.or_replace: Replace if the database role already exists in Snowflake. Equivalent to SQL create or replace database role <name> ....

    CreateMode.if_not_exists: Do nothing if the database role already exists in Snowflake. Equivalent to SQL create database role <name> if not exists...

    Default is CreateMode.error_if_exists.

Examples

Creating a database role clone using its reference:

>>> new_database_role_reference = database_role_reference.clone("new-role-name")
Copy
drop(if_exists: bool | None = None) → None¶

Drop this database role.

Parameters:

if_exists (bool) – Check the existence of this database role before dropping it. Default is None, which is equivalent to False.

Examples

Deleting a database role using its reference:

>>> database_role_reference.drop()
Copy

Deleting a database role using its reference if it exists:

>>> database_role_reference.drop(if_exists=True)
Copy
grant_future_privileges(privileges: List[str], securable_type: str, containing_scope: ContainingScope, grant_option: bool | None = None) → None¶

Grant privileges on all future securables matching the criteria to this database role.

Parameters:

  • privileges (List[str]) – The list of privileges to be granted.

  • securable_type (str) – The type of securable on which the privileges would be granted.

  • containing_scope (ContainingScope) – The criteria to match the securables.

  • grant_option (bool, optional) – If True, the grantee can grant the privilege to others. Default is None which means False.

Examples

Using a database role reference to grant privileges on all future schemas in a database to it:

>>> database_role_reference.grant_future_privileges(["CREATE", "USAGE"], "schema", ContainingScope(database="test_db"))
Copy
grant_privileges(privileges: List[str], securable_type: str, securable: Securable | None = None, grant_option: bool | None = None) → None¶

Grant privileges on a securable to this database role.

Parameters:

  • privileges (List[str]) – The list of privileges to be granted.

  • securable_type (str) – The type of securable on which the privileges would be granted.

  • securable (Securable, optional) – The securable on which the privileges would be granted. Default is None.

  • grant_option (bool, optional) – If True, the grantee can grant the privilege to others. Default is None which means False.

Examples

Using a database role reference to grant privileges to it:

>>> database_role_reference.grant_privileges(["CREATE", "USAGE"], "database", Securable(database="test_db"))
Copy
grant_privileges_on_all(privileges: List[str], securable_type: str, containing_scope: ContainingScope, grant_option: bool | None = None) → None¶

Grant privileges on all securables matching the criteria to this database role.

Parameters:

  • privileges (List[str]) – The list of privileges to be granted.

  • securable_type (str) – The type of securable on which the privileges would be granted.

  • containing_scope (ContainingScope) – The criteria to match the securables.

  • grant_option (bool, optional) – If True, the grantee can grant the privilege to others. Default is None which means False.

Examples

Using a database role reference to grant privileges on all schemas in a database to it:

>>> database_role_reference.grant_privileges_on_all(["CREATE", "USAGE"], "schema", ContainingScope(database="test_db"))
Copy
grant_role(role_type: str, role: Securable) → None¶

Grant a role to this database role.

Parameters:

  • role_type (str) – The type of role which would be granted.

  • role (Securable) – The role which would be granted.

Examples

Using a database role reference to grant a role to it:

>>> database_role_reference.grant("database role", Securable(name="test_role"))
Copy
iter_future_grants_to(show_limit: int | None = None) → Iterator[Grant]¶

List future grants to this database role.

Lists all privileges on new (i.e. future) objects of a specified type in a database or schema granted to the database role.

Parameters:

show_limit (int, optional) – Limit of the maximum number of rows returned by iter(). The default is None, which behaves equivalently to show_limit=10000. This value must be between 1 and 10000.

Examples

Using a database role reference to list future grants to it:

>>> database_role_reference.iter_future_grants_to()
Copy
iter_grants_to(show_limit: int | None = None) → Iterator[Grant]¶

List grants to this database role.

Lists all privileges and roles granted to the database role.

Parameters:

show_limit (int, optional) – Limit of the maximum number of rows returned by iter(). The default is None, which behaves equivalently to show_limit=10000. This value must be between 1 and 10000.

Examples

Using a database role reference to list grants to it:

>>> database_role_reference.iter_grants_to()
Copy
revoke_future_privileges(privileges: List[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → None¶

Revoke privileges on all future securables matching the criteria from this database role.

Parameters:

  • privileges (List[str]) – The list of privileges to be revoked.

  • securable_type (str) – The type of securable on which the privileges would be revoked.

  • containing_scope (ContainingScope) – The criteria to match the securables.

  • mode (DeleteMode, optional) –

    One of the following enum values.

    DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

    DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

    Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a database role reference to revoke privileges on all future schemas in a database from it:

>>> database_role_reference.revoke_future_privileges(["CREATE", "USAGE"], "schema", ContainingScope(database="test_db"))
Copy
revoke_grant_option_for_future_privileges(privileges: List[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → None¶

Revoke grant option for privileges on all future securables matching the criteria from this database role.

Parameters:

  • privileges (List[str]) – The list of privileges to be revoked.

  • securable_type (str) – The type of securable on which the privileges would be revoked.

  • containing_scope (ContainingScope) – The criteria to match the securables.

  • mode (DeleteMode, optional) –

    One of the following enum values.

    DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

    DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

    Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a database role reference to revoke grant option for privileges on all future schemas in a database from it:

>>> database_role_reference.revoke_grant_option_for_future_privileges(["CREATE", "USAGE"], "schema", ContainingScope(database="test_db"))
Copy
revoke_grant_option_for_privileges(privileges: List[str], securable_type: str, securable: Securable | None = None, mode: DeleteMode | None = None) → None¶

Revoke grant option for privileges on a securable from this database role.

Parameters:

  • privileges (List[str]) – The list of privileges to be revoked.

  • securable_type (str) – The type of securable on which the privileges would be revoked.

  • securable (Securable, optional) – The securable on which the privileges would be revoked. Default is None.

  • mode (DeleteMode, optional) –

    One of the following enum values.

    DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

    DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

    Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a database role reference to revoke grant option for privileges from it:

>>> database_role_reference.revoke_grant_option_for_privileges(["CREATE", "USAGE"], "database", Securable(database="test_db"))
Copy
revoke_grant_option_for_privileges_on_all(privileges: List[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → None¶

Revoke grant option for privileges on all securables matching the criteria from this database role.

Parameters:

  • privileges (List[str]) – The list of privileges to be revoked.

  • securable_type (str) – The type of securable on which the privileges would be revoked.

  • containing_scope (ContainingScope) – The criteria to match the securables.

  • mode (DeleteMode, optional) –

    One of the following enum values.

    DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

    DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

    Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a database role reference to revoke grant option for privileges on all schemas in a database from it:

>>> database_role_reference.revoke_grant_option_for_privileges_on_all(["CREATE", "USAGE"], "schema", ContainingScope(database="test_db"))
Copy
revoke_privileges(privileges: List[str], securable_type: str, securable: Securable | None = None, mode: DeleteMode | None = None) → None¶

Revoke privileges on a securable from this database role.

Parameters:

  • privileges (List[str]) – The list of privileges to be revoked.

  • securable_type (str) – The type of securable on which the privileges would be revoked.

  • securable (Securable, optional) – The securable on which the privileges would be revoked. Default is None.

  • mode (DeleteMode, optional) –

    One of the following enum values.

    DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

    DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

    Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a database role reference to revoke privileges from it:

>>> database_role_reference.revoke_privileges(["CREATE", "USAGE"], "database", Securable(database="test_db"))
Copy
revoke_privileges_on_all(privileges: List[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → None¶

Revoke privileges on all securables matching the criteria from this database role.

Parameters:

  • privileges (List[str]) – The list of privileges to be revoked.

  • securable_type (str) – The type of securable on which the privileges would be revoked.

  • containing_scope (ContainingScope) – The criteria to match the securables.

  • mode (DeleteMode, optional) –

    One of the following enum values.

    DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

    DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

    Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a database role reference to revoke privileges on all schemas in a database from it:

>>> database_role_reference.revoke_privileges_on_all(["CREATE", "USAGE"], "schema", ContainingScope(database="test_db"))
Copy
revoke_role(role_type: str, role: Securable) → None¶

Revoke a role from this database role.

Parameters:

  • role_type (str) – The type of role which would be revoked.

  • role (Securable) – The role which would be revoked.

Examples

Using a database role reference to revoke a role from it:

>>> database_role_reference.revoke("database role", Securable(name="test_role"))
Copy
Language: English