REGISTER_TEMPLATE | Default registry: GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('REGISTER TEMPLATE', '{role name}') Custom registry: You have read and write privileges on any custom registry that you created yourself. To access a custom registry created by another user, you need GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('REGISTER', 'REGISTRY', '{registry name}', '{role name}'). |
VIEW_REGISTERED_TEMPLATES | Default registry:
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('VIEW REGISTERED TEMPLATES', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges Custom registry: You have read and write privileges on any custom registry that you created yourself. To access a custom registry created by another user, you need GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('READ', 'REGISTRY', '{registry name}', '{role name}'). |
ADD_TEMPLATE_REQUEST |
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('UPDATE', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges If the template is in a custom registry, or references a code spec in a custom registry, you must also have the READ privilege on the registry. |
REMOVE_TEMPLATE |
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('UPDATE', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges |
VIEW_TEMPLATES |
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('VIEW TEMPLATES', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('READ', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges Additionally, to see objects registered in a custom registry, you need the READ privilege on that registry. |
ENABLE_TEMPLATE_AUTO_APPROVAL |
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('MANAGE TEMPLATE AUTO APPROVAL', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('UPDATE', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges |
DISABLE_TEMPLATE_AUTO_APPROVAL |
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('MANAGE TEMPLATE AUTO APPROVAL', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('UPDATE', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges |
GET_CONFIGURATION |
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('MANAGE TEMPLATE AUTO APPROVAL', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('READ', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges |
SET_CONFIGURATION |
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('MANAGE TEMPLATE AUTO APPROVAL', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('UPDATE', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges |
REGISTER_DATA_OFFERING | Default registry: GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('REGISTER DATA OFFERING', '{role name}') Custom registry: You have read and write privileges on any custom registry that you created yourself. To access a custom
registry created by another user, you need GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('REGISTER', 'REGISTRY', '{registry name}', '{role name}'). Additionally, the caller needs the following RBAC privileges:
- SELECT on the source table/view.
- USAGE on the database and schema containing the source table.
- USAGE on any policy objects referenced in the spec.
|
LINK_DATA_OFFERING |
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges Additionally, the caller must have the REFERENCE_USAGE privilege with GRANT OPTION on any data to be shared. If you don’t, you’ll get a “missing reference usage grant” error. Learn how to handle this issue. If the data offering is in a custom registry, you must also have privileges granted by calling GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('READ', 'REGISTRY', '{registry name}', '{role name}'). |
UNLINK_DATA_OFFERING |
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges The UPDATE privilege on a collaboration doesn’t grant access to this procedure. Additionally, only the role that called JOIN can successfully unlink data offerings, because the underlying share is owned by the joining role. |
LINK_LOCAL_DATA_OFFERING |
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('UPDATE', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges |
UNLINK_LOCAL_DATA_OFFERING |
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('UPDATE', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges |
VIEW_REGISTERED_DATA_OFFERINGS | Default registry:
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('VIEW REGISTERED DATA OFFERINGS', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges Custom registry: You have read and write privileges on any custom registry that you created yourself. To access a custom registry created by another user, you need GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('READ', 'REGISTRY', '{registry name}', '{role name}'). |
VIEW_DATA_OFFERINGS |
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('VIEW DATA OFFERINGS', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('READ', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges Additionally, to see objects registered in a custom registry, you need the READ privilege on that registry. |
REGISTER_CODE_SPEC | Default registry: GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('REGISTER CODE SPEC', '{role name}') Custom registry: You have read and write privileges on any custom registry that you created yourself. To access a custom registry created by another user, you need GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('REGISTER', 'REGISTRY', '{registry name}', '{role name}'). |
VIEW_REGISTERED_CODE_SPECS | Default registry:
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('VIEW REGISTERED CODE SPECS', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges Custom registry: You have read and write privileges on any custom registry that you created yourself. To access a custom registry created by another user, you need GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('READ', 'REGISTRY', '{registry name}', '{role name}'). |
VIEW_CODE_SPECS |
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('READ', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges Additionally, to see objects registered in a custom registry, you need the READ privilege on that registry. |
VIEW_UPDATE_REQUESTS |
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('READ', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('UPDATE', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges |
APPROVE_UPDATE_REQUEST |
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('MANAGE UPDATE REQUEST', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('UPDATE', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges |
REJECT_UPDATE_REQUEST |
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('MANAGE UPDATE REQUEST', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('UPDATE', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges |
INITIALIZE |
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privileges See GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE for additional required role permissions. |
TEARDOWN |
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges See GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE for additional required role permissions. |
GET_STATUS |
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('READ', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges |
ENABLE_EXTERNAL_TABLE_ANALYSIS _FOR_COLLABORATION | You must use a role that has been granted the MANAGE FIREWALL_CONFIGURATION privilege on the account. |
VIEW_COLLABORATIONS |
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('VIEW COLLABORATIONS', '{role name}')GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('READ', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('RUN', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges |
REVIEW |
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('REVIEW COLLABORATION', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges See GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE for additional required role permissions. |
JOIN |
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges See GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE for additional required role permissions. |
LEAVE |
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges See GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE for additional required role permissions. |
RUN |
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('RUN', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges |
VIEW_ACTIVITY_HISTORY |
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('VIEW ACTIVITY HISTORY', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges |
VIEW_ACTIVATIONS |
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('VIEW ACTIVATIONS', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('RUN', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges |
PROCESS_ACTIVATION |
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE('PROCESS ACTIVATION', 'COLLABORATION', '{collaboration name}', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}'), plus all additional account-level privilegesGRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}'), plus all additional account-level privileges |
CREATE_REGISTRY | - GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE REGISTRY', '{role name}') |
VIEW_REGISTRIES |
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('VIEW REGISTRIES', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE COLLABORATION', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('JOIN COLLABORATION', '{role name}')GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE('CREATE REGISTRY', '{role name}') |
GRANT_PRIVILEGE_ON_OBJECT_TO_ROLE |
- For collaboration objects: Any role with CREATE COLLABORATION or JOIN COLLABORATION can call this procedure on any collaboration.
- For registry objects: Only the role that created the registry can call this procedure on that registry.
|
GRANT_PRIVILEGE_ON_ACCOUNT_TO_ROLE | You need the ACCOUNTADMIN role, or a role with the MANAGE GRANTS global privilege, to run this procedure. |