- Connecting to Snowflake
- Loading Data into Snowflake
- Unloading Data from Snowflake
- Using Snowflake
- Sharing Data Securely in Snowflake
- Managing Your Snowflake Organization
- Managing Your Snowflake Account
- Managing Security in Snowflake
- Managing Governance in Snowflake
- Managing Cost in Snowflake
- General Reference
- SQL Command Reference
- Summary of Commands
- All Commands (Alphabetical)
- ALTER <object>
- ALTER ACCOUNT
- ALTER API INTEGRATION
- ALTER CONNECTION
- ALTER DATABASE
- ALTER EXTERNAL FUNCTION
- ALTER EXTERNAL TABLE
- ALTER FILE FORMAT
- ALTER FUNCTION
- ALTER INTEGRATION
- ALTER MASKING POLICY
- ALTER MATERIALIZED VIEW
- ALTER NETWORK POLICY
- ALTER NOTIFICATION INTEGRATION
- ALTER PIPE
- ALTER PROCEDURE
- ALTER RESOURCE MONITOR
- ALTER ROLE
- ALTER ROW ACCESS POLICY
- ALTER SCHEMA
- ALTER SECURITY INTEGRATION
- ALTER SEQUENCE
- ALTER SESSION
- ALTER SESSION POLICY
- ALTER SHARE
- ALTER STAGE
- ALTER STORAGE INTEGRATION
- ALTER STREAM
- ALTER TABLE
- ALTER TABLE … ALTER COLUMN
- ALTER TAG
- ALTER TASK
- ALTER USER
- ALTER VIEW
- ALTER WAREHOUSE
- BEGIN
- CALL
- COMMENT
- COMMIT
- COPY INTO <location>
- COPY INTO <table>
- CREATE <object>
- CREATE ACCOUNT
- CREATE API INTEGRATION
- CREATE <object> … CLONE
- CREATE CONNECTION
- CREATE DATABASE
- CREATE EXTERNAL FUNCTION
- CREATE EXTERNAL TABLE
- CREATE FILE FORMAT
- CREATE FUNCTION
- CREATE INTEGRATION
- CREATE MANAGED ACCOUNT
- CREATE MASKING POLICY
- CREATE MATERIALIZED VIEW
- CREATE NETWORK POLICY
- CREATE NOTIFICATION INTEGRATION
- CREATE PIPE
- CREATE PROCEDURE
- CREATE RESOURCE MONITOR
- CREATE ROLE
- CREATE ROW ACCESS POLICY
- CREATE SCHEMA
- CREATE SECURITY INTEGRATION
- CREATE SEQUENCE
- CREATE SESSION POLICY
- CREATE SHARE
- CREATE STAGE
- CREATE STORAGE INTEGRATION
- CREATE STREAM
- CREATE TABLE
- CREATE | ALTER TABLE … CONSTRAINT
- CREATE TAG
- CREATE TASK
- CREATE USER
- CREATE VIEW
- CREATE WAREHOUSE
- DELETE
- DESCRIBE <object>
- DESCRIBE EXTERNAL TABLE
- DESCRIBE FILE FORMAT
- DESCRIBE FUNCTION
- DESCRIBE INTEGRATION
- DESCRIBE MASKING POLICY
- DESCRIBE MATERIALIZED VIEW
- DESCRIBE NETWORK POLICY
- DESCRIBE PIPE
- DESCRIBE PROCEDURE
- DESCRIBE RESULT
- DESCRIBE ROW ACCESS POLICY
- DESCRIBE SEQUENCE
- DESCRIBE SESSION POLICY
- DESCRIBE SHARE
- DESCRIBE STAGE
- DESCRIBE STREAM
- DESCRIBE TABLE
- DESCRIBE TASK
- DESCRIBE USER
- DESCRIBE VIEW
- DROP <object>
- DROP CONNECTION
- DROP DATABASE
- DROP EXTERNAL TABLE
- DROP FILE FORMAT
- DROP FUNCTION
- DROP INTEGRATION
- DROP MANAGED ACCOUNT
- DROP MASKING POLICY
- DROP MATERIALIZED VIEW
- DROP NETWORK POLICY
- DROP PIPE
- DROP PROCEDURE
- DROP RESOURCE MONITOR
- DROP ROLE
- DROP ROW ACCESS POLICY
- DROP SCHEMA
- DROP SEQUENCE
- DROP SESSION POLICY
- DROP SHARE
- DROP STAGE
- DROP STREAM
- DROP TABLE
- DROP TAG
- DROP TASK
- DROP USER
- DROP VIEW
- DROP WAREHOUSE
- EXECUTE IMMEDIATE
- EXECUTE TASK
- EXPLAIN
- GET
- GRANT OWNERSHIP
- GRANT <privileges> … TO ROLE
- GRANT <privilege> … TO SHARE
- GRANT ROLE
- INSERT
- INSERT (multi-table)
- LIST
- MERGE
- PUT
- REMOVE
- REVOKE <privileges> … FROM ROLE
- REVOKE <privilege> … FROM SHARE
- REVOKE ROLE
- ROLLBACK
- SELECT
- SET
- SHOW <objects>
- SHOW COLUMNS
- SHOW CONNECTIONS
- SHOW DATABASES
- SHOW DELEGATED AUTHORIZATIONS
- SHOW EXTERNAL FUNCTIONS
- SHOW EXTERNAL TABLES
- SHOW FILE FORMATS
- SHOW FUNCTIONS
- SHOW GLOBAL ACCOUNTS
- SHOW GRANTS
- SHOW INTEGRATIONS
- SHOW LOCKS
- SHOW MANAGED ACCOUNTS
- SHOW MASKING POLICIES
- SHOW MATERIALIZED VIEWS
- SHOW NETWORK POLICIES
- SHOW OBJECTS
- SHOW ORGANIZATION ACCOUNTS
- SHOW PARAMETERS
- SHOW PIPES
- SHOW PRIMARY KEYS
- SHOW PROCEDURES
- SHOW REGIONS
- SHOW REPLICATION ACCOUNTS
- SHOW REPLICATION DATABASES
- SHOW RESOURCE MONITORS
- SHOW ROLES
- SHOW ROW ACCESS POLICIES
- SHOW SCHEMAS
- SHOW SEQUENCES
- SHOW SESSION POLICIES
- SHOW SHARES
- SHOW STAGES
- SHOW STREAMS
- SHOW TABLES
- SHOW TAGS
- SHOW TASKS
- SHOW TRANSACTIONS
- SHOW USER FUNCTIONS
- SHOW USERS
- SHOW VARIABLES
- SHOW VIEWS
- SHOW WAREHOUSES
- TRUNCATE MATERIALIZED VIEW
- TRUNCATE TABLE
- UNDROP <object>
- UNDROP DATABASE
- UNDROP SCHEMA
- UNDROP TABLE
- UNDROP TAG
- UNSET
- UPDATE
- USE <object>
- USE DATABASE
- USE ROLE
- USE SCHEMA
- USE SECONDARY ROLES
- USE WAREHOUSE
- DDL Commands
- DML Commands
- Query Syntax
- Query Operators
- SQL Function Reference
- Snowflake Scripting Reference
- API Reference
- Appendices
- Categories:
User & Security DDL (Access Control)
GRANT <privilege> … TO SHARE¶
Grants access privileges for databases and other supported database objects (schemas, UDFs, tables, and views) to a share. Granting privileges on these objects effectively adds the objects to the share, which can then be shared with one or more consumer accounts.
For more details, see Introduction to Secure Data Sharing and Working with Shares.
Syntax¶
GRANT objectPrivilege ON
{ DATABASE <name>
| SCHEMA <name>
| FUNCTION <name>
| { TABLE <name> | ALL TABLES IN SCHEMA <schema_name> }
| VIEW <name> }
TO SHARE <share_name>
Where:
objectPrivilege ::= -- For DATABASE, SCHEMA, or FUNCTION USAGE -- For TABLE or VIEW SELECT -- For DATABASE REFERENCE_USAGE
Parameters¶
name
Specifies the identifier for the object (database, schema, UDF, table, or secure view) for which the specified privilege is granted.
schema_name
Specifies the identifier for the schema for which the specified privilege is granted for all tables.
share_name
Specifies the identifier for the share from which the specified privilege is granted.
Usage Notes¶
The USAGE privilege on only a single database can be granted to a share; however, within that database, privileges on multiple schemas, UDFs, tables, and views can be granted to the share.
Privileges on individual objects must be granted to a share in separate GRANT statements. The only exception is the SELECT privilege on tables. Using an
ALL
clause, you can grant SELECT on all tables in a specified schema to a share.The SELECT privilege on views can only be granted on secure views. Attempting to grant the SELECT privilege on a non-secure view to a share returns an error.
The USAGE privilege can only be granted on secure UDFs. Attempting to grant the USAGE privilege on a non-secure UDF to a share returns an error.
Currently, sharing a UDF that references an object from another database is not supported. For example, if you attempt to grant USAGE on a UDF that references a secure view from another database, an error is returned.
Use the REFERENCE_USAGE privilege when sharing a secure view that references objects belonging to multiple databases, as follows:
The REFERENCE_USAGE privilege must be granted individually to each database.
The REFERENCE_USAGE privilege must be granted to a database before granting SELECT on a secure view to a share.
Examples¶
This is an example of sharing objects from a single database:
GRANT USAGE ON DATABASE mydb TO SHARE share1; GRANT USAGE ON SCHEMA mydb.public TO SHARE share1; GRANT USAGE ON FUNCTION mydb.shared_schema.function1 TO SHARE share1; GRANT USAGE ON FUNCTION mydb.shared_schema.function2 TO SHARE share1; GRANT SELECT ON ALL TABLES IN SCHEMA mydb.public TO SHARE share1; GRANT USAGE ON SCHEMA mydb.shared_schema TO SHARE share1; GRANT SELECT ON VIEW mydb.shared_schema.view1 TO SHARE share1; GRANT SELECT ON VIEW mydb.shared_schema.view3 TO SHARE share1;
This is an example of sharing a secure view that references objects from a different database:
CREATE SECURE VIEW view2 AS SELECT * FROM database2.public.sampletable; GRANT USAGE ON DATABASE database1 TO SHARE share1; GRANT USAGE ON SCHEMA database1.schema1 TO SHARE share1; GRANT REFERENCE_USAGE ON DATABASE database2 TO SHARE share1; GRANT SELECT ON VIEW view2 TO SHARE share1;