BIND SERVICE ENDPOINT granted to PUBLIC role¶

The BIND SERVICE ENDPOINT on ACCOUNT privilege will be automatically granted to the PUBLIC role.

Before the change:

The BIND SERVICE ENDPOINT on ACCOUNT privilege is initially only granted to ACCOUNTADMIN, and ACCOUNTADMIN needs to grant it to other roles to allow them to create SPCS services that offer public authorized ingress.

After the change:

The BIND SERVICE ENDPOINT on ACCOUNT privilege will be automatically granted to the PUBLIC role. The PUBLIC role is automatically granted to all users and roles, so this allows all users in the account who were already sufficiently authorized to create SPCS services, to offer services that allow authenticated ingress with no additional grants. Administrators who want to limit access to this feature may revoke the privilege from the PUBLIC role and continue to grant the privilege to specific roles.

CopyExpand

-- Revoke from PUBLIC
REVOKE BIND SERVICE ENDPOINT ON ACCOUNT FROM ROLE PUBLIC;

-- Optionally grant to specific roles
GRANT BIND SERVICE ENDPOINT ON ACCOUNT TO ROLE my_role;

Show lessSee more

Scroll to top

For more details, see Service networking.

Ref: 2321