snowflake.core.database_role.DatabaseRoleResource¶

class snowflake.core.database_role.DatabaseRoleResource(name: str, collection: DatabaseRoleCollection)¶

Bases: DatabaseObjectReferenceMixin[DatabaseRoleCollection]

Represents a reference to a Snowflake database role.

With this database role reference, you can delete roles.

Attributes

database¶

The DatabaseResource this reference belongs to.

qualified_name¶

Return the qualified name of the object this reference points to.

root¶

The Root object this reference belongs to.

Methods

clone(target_database_role: str, target_database: str | None = None, mode: CreateMode = CreateMode.error_if_exists) → DatabaseRoleResource¶

Drop this database role.

Parameters:

• target_database_role (str) – The name of the target database role to clone the database role to.

• target_database (str, optional) – The name of the target database to clone the database role to. If not provided, the current database is used.

• mode (CreateMode, optional) –

  One of the following enum values.

  CreateMode.error_if_exists: Throw an snowflake.core.exceptions.ConflictError if the database role already exists in Snowflake. Equivalent to SQL create database role <name> ....

  CreateMode.or_replace: Replace if the database role already exists in Snowflake. Equivalent to SQL create or replace database role <name> ....

  CreateMode.if_not_exists: Do nothing if the database role already exists in Snowflake. Equivalent to SQL create database role <name> if not exists...

  Default is CreateMode.error_if_exists.

Examples

Creating a database role clone using its reference:

>>> new_database_role_reference = database_role_reference.clone("new-role-name")

Copy

clone_async(target_database_role: str, target_database: str | None = None, mode: CreateMode = CreateMode.error_if_exists) → PollingOperation[DatabaseRoleResource]¶

An asynchronous version of clone().

Refer to PollingOperation for more information on asynchronous execution and the return type.

drop(if_exists: bool | None = None) → None¶

Drop this database role.

Parameters:

if_exists (bool) – Check the existence of this database role before dropping it. Default is None, which is equivalent to False.

Examples

Deleting a database role using its reference:

>>> database_role_reference.drop()

Copy

Deleting a database role using its reference if it exists:

>>> database_role_reference.drop(if_exists=True)

Copy

drop_async(if_exists: bool | None = None) → PollingOperation[None]¶

An asynchronous version of drop().

Refer to PollingOperation for more information on asynchronous execution and the return type.

grant_future_privileges(privileges: list[str], securable_type: str, containing_scope: ContainingScope, grant_option: bool | None = None) → None¶

Grant privileges on all future securables matching the criteria to this database role.

Parameters:

• privileges (list[str]) – The list of privileges to be granted.

• securable_type (str) – The type of securable on which the privileges would be granted.

• containing_scope (ContainingScope) – The criteria to match the securables.

• grant_option (bool, optional) – If True, the grantee can grant the privilege to others. Default is None which means False.

Examples

Using a database role reference to grant privileges on all future schemas in a database to it:

>>> database_role_reference.grant_future_privileges(
...     ["CREATE", "USAGE"], "schema", ContainingScope(database="test_db")
... )

Copy

grant_future_privileges_async(privileges: list[str], securable_type: str, containing_scope: ContainingScope, grant_option: bool | None = None) → PollingOperation[None]¶

An asynchronous version of grant_future_privileges().

Refer to PollingOperation for more information on asynchronous execution and the return type.

grant_privileges(privileges: list[str], securable_type: str, securable: Securable | None = None, grant_option: bool | None = None) → None¶

Grant privileges on a securable to this database role.

Parameters:

• privileges (list[str]) – The list of privileges to be granted.

• securable_type (str) – The type of securable on which the privileges would be granted.

• securable (Securable, optional) – The securable on which the privileges would be granted. Default is None.

• grant_option (bool, optional) – If True, the grantee can grant the privilege to others. Default is None which means False.

Examples

Using a database role reference to grant privileges to it:

>>> database_role_reference.grant_privileges(
...     ["CREATE", "USAGE"], "database", Securable(database="test_db")
... )

Copy

grant_privileges_async(privileges: list[str], securable_type: str, securable: Securable | None = None, grant_option: bool | None = None) → PollingOperation[None]¶

An asynchronous version of grant_privileges().

Refer to PollingOperation for more information on asynchronous execution and the return type.

grant_privileges_on_all(privileges: list[str], securable_type: str, containing_scope: ContainingScope, grant_option: bool | None = None) → None¶

Grant privileges on all securables matching the criteria to this database role.

Parameters:

• privileges (list[str]) – The list of privileges to be granted.

• securable_type (str) – The type of securable on which the privileges would be granted.

• containing_scope (ContainingScope) – The criteria to match the securables.

• grant_option (bool, optional) – If True, the grantee can grant the privilege to others. Default is None which means False.

Examples

Using a database role reference to grant privileges on all schemas in a database to it:

>>> database_role_reference.grant_privileges_on_all(
...     ["CREATE", "USAGE"], "schema", ContainingScope(database="test_db")
... )

Copy

grant_privileges_on_all_async(privileges: list[str], securable_type: str, containing_scope: ContainingScope, grant_option: bool | None = None) → PollingOperation[None]¶

An asynchronous version of grant_privileges_on_all().

Refer to PollingOperation for more information on asynchronous execution and the return type.

grant_role(role_type: str, role: Securable) → None¶

Grant a role to this database role.

Parameters:

• role_type (str) – The type of role which would be granted.

• role (Securable) – The role which would be granted.

Examples

Using a database role reference to grant a role to it:

>>> database_role_reference.grant("database role", Securable(name="test_role"))

Copy

grant_role_async(role_type: str, role: Securable) → PollingOperation[None]¶

An asynchronous version of grant_role().

Refer to PollingOperation for more information on asynchronous execution and the return type.

iter_future_grants_to(show_limit: int | None = None) → Iterator[Grant]¶

List future grants to this database role.

Lists all privileges on new (i.e. future) objects of a specified type in a database or schema granted to the database role.

Parameters:

show_limit (int, optional) – Limit of the maximum number of rows returned by iter(). The default is None, which behaves equivalently to show_limit=10000. This value must be between 1 and 10000.

Examples

Using a database role reference to list future grants to it:

>>> database_role_reference.iter_future_grants_to()

Copy

iter_future_grants_to_async(show_limit: int | None = None) → PollingOperation[Iterator[Grant]]¶

An asynchronous version of iter_future_grants_to().

Refer to PollingOperation for more information on asynchronous execution and the return type.

iter_grants_to(show_limit: int | None = None) → Iterator[Grant]¶

List grants to this database role.

Lists all privileges and roles granted to the database role.

Parameters:

show_limit (int, optional) – Limit of the maximum number of rows returned by iter(). The default is None, which behaves equivalently to show_limit=10000. This value must be between 1 and 10000.

Examples

Using a database role reference to list grants to it:

>>> database_role_reference.iter_grants_to()

Copy

iter_grants_to_async(show_limit: int | None = None) → PollingOperation[Iterator[Grant]]¶

An asynchronous version of iter_grants_to().

Refer to PollingOperation for more information on asynchronous execution and the return type.

revoke_future_privileges(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → None¶

Revoke privileges on all future securables matching the criteria from this database role.

Parameters:

• privileges (list[str]) – The list of privileges to be revoked.

• securable_type (str) – The type of securable on which the privileges would be revoked.

• containing_scope (ContainingScope) – The criteria to match the securables.

• mode (DeleteMode, optional) –

  One of the following enum values.

  DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

  DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

  Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a database role reference to revoke privileges on all future schemas in a database from it:

>>> database_role_reference.revoke_future_privileges(
...     ["CREATE", "USAGE"], "schema", ContainingScope(database="test_db")
... )

Copy

revoke_future_privileges_async(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → PollingOperation[None]¶

An asynchronous version of revoke_future_privileges().

Refer to PollingOperation for more information on asynchronous execution and the return type.

revoke_grant_option_for_future_privileges(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → None¶

Revoke grant option for privileges on all future securables matching the criteria from this database role.

Parameters:

• privileges (list[str]) – The list of privileges to be revoked.

• securable_type (str) – The type of securable on which the privileges would be revoked.

• containing_scope (ContainingScope) – The criteria to match the securables.

• mode (DeleteMode, optional) –

  One of the following enum values.

  DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

  DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

  Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a database role reference to revoke grant option for privileges on all future schemas in a database from it:

>>> database_role_reference.revoke_grant_option_for_future_privileges(
...     ["CREATE", "USAGE"], "schema", ContainingScope(database="test_db")
... )

Copy

revoke_grant_option_for_future_privileges_async(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → PollingOperation[None]¶

An asynchronous version of revoke_grant_option_for_future_privileges().

Refer to PollingOperation for more information on asynchronous execution and the return type.

revoke_grant_option_for_privileges(privileges: list[str], securable_type: str, securable: Securable | None = None, mode: DeleteMode | None = None) → None¶

Revoke grant option for privileges on a securable from this database role.

Parameters:

• privileges (list[str]) – The list of privileges to be revoked.

• securable_type (str) – The type of securable on which the privileges would be revoked.

• securable (Securable, optional) – The securable on which the privileges would be revoked. Default is None.

• mode (DeleteMode, optional) –

  One of the following enum values.

  DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

  DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

  Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a database role reference to revoke grant option for privileges from it:

>>> database_role_reference.revoke_grant_option_for_privileges(
...     ["CREATE", "USAGE"], "database", Securable(database="test_db")
... )

Copy

revoke_grant_option_for_privileges_async(privileges: list[str], securable_type: str, securable: Securable | None = None, mode: DeleteMode | None = None) → PollingOperation[None]¶

An asynchronous version of revoke_grant_option_for_privileges().

Refer to PollingOperation for more information on asynchronous execution and the return type.

revoke_grant_option_for_privileges_on_all(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → None¶

Revoke grant option for privileges on all securables matching the criteria from this database role.

Parameters:

• privileges (list[str]) – The list of privileges to be revoked.

• securable_type (str) – The type of securable on which the privileges would be revoked.

• containing_scope (ContainingScope) – The criteria to match the securables.

• mode (DeleteMode, optional) –

  One of the following enum values.

  DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

  DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

  Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a database role reference to revoke grant option for privileges on all schemas in a database from it:

>>> database_role_reference.revoke_grant_option_for_privileges_on_all(
...     ["CREATE", "USAGE"], "schema", ContainingScope(database="test_db")
... )

Copy

revoke_grant_option_for_privileges_on_all_async(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → PollingOperation[None]¶

An asynchronous version of revoke_grant_option_for_privileges_on_all().

Refer to PollingOperation for more information on asynchronous execution and the return type.

revoke_privileges(privileges: list[str], securable_type: str, securable: Securable | None = None, mode: DeleteMode | None = None) → None¶

Revoke privileges on a securable from this database role.

Parameters:

• privileges (list[str]) – The list of privileges to be revoked.

• securable_type (str) – The type of securable on which the privileges would be revoked.

• securable (Securable, optional) – The securable on which the privileges would be revoked. Default is None.

• mode (DeleteMode, optional) –

  One of the following enum values.

  DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

  DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

  Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a database role reference to revoke privileges from it:

>>> database_role_reference.revoke_privileges(
...     ["CREATE", "USAGE"], "database", Securable(database="test_db")
... )

Copy

revoke_privileges_async(privileges: list[str], securable_type: str, securable: Securable | None = None, mode: DeleteMode | None = None) → PollingOperation[None]¶

An asynchronous version of revoke_privileges().

Refer to PollingOperation for more information on asynchronous execution and the return type.

revoke_privileges_on_all(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → None¶

Revoke privileges on all securables matching the criteria from this database role.

Parameters:

• privileges (list[str]) – The list of privileges to be revoked.

• securable_type (str) – The type of securable on which the privileges would be revoked.

• containing_scope (ContainingScope) – The criteria to match the securables.

• mode (DeleteMode, optional) –

  One of the following enum values.

  DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

  DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

  Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a database role reference to revoke privileges on all schemas in a database from it:

>>> database_role_reference.revoke_privileges_on_all(
...     ["CREATE", "USAGE"], "schema", ContainingScope(database="test_db")
... )

Copy

revoke_privileges_on_all_async(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → PollingOperation[None]¶

An asynchronous version of revoke_privileges_on_all().

Refer to PollingOperation for more information on asynchronous execution and the return type.

revoke_role(role_type: str, role: Securable) → None¶

Revoke a role from this database role.

Parameters:

• role_type (str) – The type of role which would be revoked.

• role (Securable) – The role which would be revoked.

Examples

Using a database role reference to revoke a role from it:

>>> database_role_reference.revoke("database role", Securable(name="test_role"))

Copy

revoke_role_async(role_type: str, role: Securable) → PollingOperation[None]¶

An asynchronous version of revoke_role().

Refer to PollingOperation for more information on asynchronous execution and the return type.