GRANT DATABASE ROLE … TO SHARE

Snowflake logo in black (no text) Preview Feature — Open

Available to all accounts.

Grants a database role to a share. Granting a database role effectively adds privileges on a single database to the share, which can then be shared with one or more consumer accounts.

After consumers create a database from the share, they can grant the shared database roles to roles in their account to allow users with those roles to access database objects in the share.

For more details, see Introduction to Secure Data Sharing and Working with Shares.

See also:

REVOKE DATABASE ROLE … FROM SHARE

Syntax

GRANT DATABASE ROLE <name>
  TO SHARE <share_name>
Copy

Parameters

name

Specifies the identifier (i.e. name) for the database role; must be unique in the database in which the role is created.

The identifier must start with an alphabetic character and cannot contain spaces or special characters unless the entire identifier string is enclosed in double quotes (e.g. "My object"). Identifiers enclosed in double quotes are also case-sensitive.

If the identifier is not fully qualified (in the form of db_name.database_role_name, the command looks for the database role in the current database for the session.

share_name

Specifies the identifier for the share from which the specified database role is granted.

Usage Notes

Granting a database role to a share fails if any DDL or other restricted privilege was granted to the database role. A database role can only grant permissions for read-only activity on a database and its objects.

Examples

Grant the database role dr1 in database d1 to share share1:

GRANT DATABASE ROLE d1.dr1 TO SHARE share1;
Copy
Language: English