REGISTER_TEMPLATE
|
Default registry: GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('REGISTER TEMPLATE', 'role name')
Custom registry: You have read and write privileges on any custom registry that you created yourself. To access a custom registry created by another user, you need GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('REGISTER', 'REGISTRY', 'registry name', 'role name').
|
VIEW_REGISTERED_TEMPLATES
|
Default registry:
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('VIEW REGISTERED TEMPLATES', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
Custom registry: You have read and write privileges on any custom registry that you created yourself. To access a custom registry created by another user, you need GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('READ', 'REGISTRY', 'registry name', 'role name').
|
ADD_TEMPLATE_REQUEST
|
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('UPDATE', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
If the template is in a custom registry, or references a code spec in a custom registry, you must also have the READ privilege on the registry.
|
REMOVE_TEMPLATE
|
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('UPDATE', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
|
VIEW_TEMPLATES
|
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('VIEW TEMPLATES', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('READ', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
Additionally, to see objects registered in a custom registry, you need the READ privilege on that registry.
|
ENABLE_TEMPLATE_AUTO_APPROVAL
|
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('MANAGE TEMPLATE AUTO APPROVAL', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('UPDATE', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
|
DISABLE_TEMPLATE_AUTO_APPROVAL
|
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('MANAGE TEMPLATE AUTO APPROVAL', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('UPDATE', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
|
GET_CONFIGURATION
|
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('MANAGE TEMPLATE AUTO APPROVAL', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('READ', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
|
SET_CONFIGURATION
|
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('MANAGE TEMPLATE AUTO APPROVAL', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('UPDATE', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
|
REGISTER_DATA_OFFERING
|
Default registry: GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('REGISTER DATA OFFERING', 'role name')
Custom registry: You have read and write privileges on any custom registry that you created yourself. To access a custom
registry created by another user, you need GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('REGISTER', 'REGISTRY', 'registry name', 'role name').
Additionally, the caller needs the following RBAC privileges:
SELECT on the source table/view. USAGE on the database and schema containing the source table. USAGE on any policy objects referenced in the spec.
|
LINK_DATA_OFFERING
|
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
Additionally, the caller must have the REFERENCE_USAGE privilege with GRANT OPTION on any data to be shared. If you don’t, you’ll get a “missing reference usage grant” error. Learn how to handle this issue.
If the data offering is in a custom registry, you must also have privileges granted by calling GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('READ', 'REGISTRY', 'registry name', 'role name').
|
UNLINK_DATA_OFFERING
|
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
The UPDATE privilege on a collaboration doesn’t grant access to this procedure. Additionally, only the role that called JOIN can successfully unlink data offerings, because the underlying share is owned by the joining role.
|
LINK_LOCAL_DATA_OFFERING
|
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('UPDATE', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
|
UNLINK_LOCAL_DATA_OFFERING
|
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('UPDATE', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
|
VIEW_REGISTERED_DATA_OFFERINGS
|
Default registry:
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('VIEW REGISTERED DATA OFFERINGS', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
Custom registry: You have read and write privileges on any custom registry that you created yourself. To access a custom registry created by another user, you need GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('READ', 'REGISTRY', 'registry name', 'role name').
|
VIEW_DATA_OFFERINGS
|
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('VIEW DATA OFFERINGS', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('READ', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
Additionally, to see objects registered in a custom registry, you need the READ privilege on that registry.
|
REGISTER_CODE_SPEC
|
Default registry: GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('REGISTER CODE SPEC', 'role name')
Custom registry: You have read and write privileges on any custom registry that you created yourself. To access a custom registry created by another user, you need GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('REGISTER', 'REGISTRY', 'registry name', 'role name').
|
VIEW_REGISTERED_CODE_SPECS
|
Default registry:
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('VIEW REGISTERED CODE SPECS', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
Custom registry: You have read and write privileges on any custom registry that you created yourself. To access a custom registry created by another user, you need GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('READ', 'REGISTRY', 'registry name', 'role name').
|
VIEW_CODE_SPECS
|
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('READ', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
Additionally, to see objects registered in a custom registry, you need the READ privilege on that registry.
|
VIEW_UPDATE_REQUESTS
|
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('READ', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('UPDATE', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
|
APPROVE_UPDATE_REQUEST
|
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('MANAGE UPDATE REQUEST', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('UPDATE', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
|
REJECT_UPDATE_REQUEST
|
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('MANAGE UPDATE REQUEST', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('UPDATE', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
|
INITIALIZE
|
See GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE for additional required role permissions.
|
TEARDOWN
|
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
See GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE for additional required role permissions.
|
GET_STATUS
|
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('READ', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
|
ENABLE_EXTERNAL_TABLE_ANALYSIS _FOR_COLLABORATION
|
You must use a role that has been granted the MANAGE FIREWALL_CONFIGURATION privilege on the account. |
VIEW_COLLABORATIONS
|
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('VIEW COLLABORATIONS', 'role name')
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('READ', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('RUN', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
|
REVIEW
|
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('REVIEW COLLABORATION', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
See GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE for additional required role permissions.
|
JOIN
|
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
See GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE for additional required role permissions.
|
LEAVE
|
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
See GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE for additional required role permissions.
|
RUN
|
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('RUN', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
|
VIEW_ACTIVATIONS
|
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('VIEW ACTIVATIONS', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('RUN', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
|
PROCESS_ACTIVATION
|
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('PROCESS ACTIVATION', 'COLLABORATION', 'collaboration name', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name'), plus all additional account-level privileges
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name'), plus all additional account-level privileges
|
CREATE_REGISTRY
|
|
VIEW_REGISTRIES
|
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('VIEW REGISTRIES', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', 'role name')
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE REGISTRY', 'role name')
|
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE
|
For collaboration objects: Any role with CREATE COLLABORATION or JOIN COLLABORATION can call this procedure on any collaboration. For registry objects: Only the role that created the registry can call this procedure on that registry.
|
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE
|
You need the ACCOUNTADMIN role, or a role with the MANAGE GRANTS global privilege, to run this procedure. |