Data Lineage: VIEW LINEAGE privilege granted to the PUBLIC role
Users must use a role that has the VIEW LINEAGE privilege to execute the GET_LINEAGE function or use Snowsight to view the lineage of data and machine learning pipelines. This change affects which roles have the VIEW LINEAGE privilege by default.
- Before the change:
  By default, only the ACCOUNTADMIN role has the VIEW LINEAGE privilege. The account administrator must grant the privilege to other roles to allow users to execute the GET_LINEAGE function and view lineage in Snowsight.
- After the change:
  The PUBLIC role has the VIEW LINEAGE privilege, which means a user can use any role to execute the GET_LINEAGE function and view lineage in Snowsight.
This doesn’t mean that all roles and users can view lineage for all objects; users must still have privileges to access an object in order to view the lineage of that object.
After the change, if you want to limit who can access lineage, you’ll need to revoke the VIEW LINEAGE privilege from the PUBLIC role, then grant the privilege to other, more specific roles.
For information about revoking the VIEW LINEAGE privilege, see REVOKE <privileges>.
For information about granting the VIEW LINEAGE privilege to other roles, see Access control for lineage information.
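The revoke-then-grant sequence described above, as an added example that is not part of the original page. The role name lineage_viewer is a hypothetical placeholder, and the statements assume VIEW LINEAGE is granted at the account level and that they are run with a role allowed to manage grants, such as ACCOUNTADMIN.

```sql
-- Added example; lineage_viewer is a hypothetical role name.
USE ROLE ACCOUNTADMIN;

-- 1. Check whether PUBLIC currently holds VIEW LINEAGE.
--    SHOW output is filtered with RESULT_SCAN over the previous query.
SHOW GRANTS TO ROLE PUBLIC;
SELECT "privilege", "granted_on", "grantee_name"
  FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
 WHERE "privilege" = 'VIEW LINEAGE';

-- 2. Remove the default grant. Every role inherits from PUBLIC, so the
--    privilege stays available to all roles until this revoke runs.
REVOKE VIEW LINEAGE ON ACCOUNT FROM ROLE PUBLIC;

-- 3. Grant the privilege only to the role(s) that should see lineage.
CREATE ROLE IF NOT EXISTS lineage_viewer;
GRANT VIEW LINEAGE ON ACCOUNT TO ROLE lineage_viewer;

-- 4. Verify: VIEW LINEAGE should now be listed for lineage_viewer,
--    and rerunning step 1 should return no rows for PUBLIC.
SHOW GRANTS TO ROLE lineage_viewer;
```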
Ref: 1933