Permifrost should support 'grant select on all tables in schema' for `db.*.*` in spec file

Hi and thank you for this awesome tool.

I recently joined an organization that has been using Permifrost to manage their Snowflake permissions. We run Permifrost via a CI/CD pipeline, and our `permifrost run` command can take nearly two hours to finish running. I am reaching out to see if you can help me identify if we are using Permifrost improperly, or if there is any way to improve the performance of `permifrost run` by adjusting our spec file.

Usage Context

Version

We are currently using the latest version of Permifrost in our CI/CD runs.

Users and Roles

We have about 70 roles and 60 users. In general, each user is given a role that corresponds to them (e.g. `user_bob` has a corresponding `role_bob`), and then that user's role is loaded with meaningful roles via `member_of` (e.g. `role_warehouse_read_all` will be listed under `role_bob`'s `member_of` block).

Databases and Tables

We have several databases, some with thousands of tables. For `tables` blocks in our spec, it is common for us to grant all read-all access to a database via `db.*.*`, or read-all access to a schema via `db.schema.*`. I will mention that, when viewing the logs after `permifrost run`, there are no lines which `grant select on all tables in schema...` - only `grant select on future tables in schema...`. This means that an individual grant statement is listed for every existing table/role combination. Our log file for `permifrost run` is currently almost 60,000 lines.


Thanks for taking the time out to help me troubleshoot. If you would be willing, I would be more than happy to schedule some time with you to walk you through our spec file and answer any additional questions.

Edited by Pedram Navid
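
The collapse this issue asks for, as an added example that is not part of the original post and not Permifrost's own code: it groups per-table `SELECT` grants by schema and role and emits one schema-level grant only when the role already covers every table in that schema, so no access is widened. The shape of the logged statements, the table inventory, and the `analytics.sales` names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# One per-table grant. The statement shape is an assumption about the run log;
# quoted identifiers are not handled.
TABLE_GRANT = re.compile(
    r"grant\s+select\s+on\s+table\s+(\w+)\.(\w+)\.(\w+)\s+to\s+role\s+(\w+)",
    re.IGNORECASE,
)

def collapse_grants(statements, inventory):
    """Swap per-table SELECT grants for one schema-level grant where a role
    already holds SELECT on every table the inventory lists for that schema.

    statements: iterable of SQL strings (e.g. lines of a run log).
    inventory:  {(db, schema): set of table names}, all lower-case.
    Returns (collapsed, kept): schema-level statements, and per-table
    statements left alone because the role covers only part of the schema.
    """
    granted = defaultdict(set)  # (db, schema, role) -> tables granted
    for line in statements:
        m = TABLE_GRANT.search(line)
        if m:
            db, schema, table, role = (g.lower() for g in m.groups())
            granted[(db, schema, role)].add(table)

    collapsed, kept = [], []
    for (db, schema, role), tables in sorted(granted.items()):
        known = inventory.get((db, schema), set())
        if known and tables >= known:
            collapsed.append(
                f"GRANT SELECT ON ALL TABLES IN SCHEMA {db}.{schema} TO ROLE {role}")
        else:
            # Partial coverage: a schema-wide grant would over-grant.
            kept.extend(
                f"GRANT SELECT ON TABLE {db}.{schema}.{t} TO ROLE {role}"
                for t in sorted(tables))
    return collapsed, kept

# Constructed sample data, not taken from a real run.
SAMPLE_LOG = [
    "GRANT SELECT ON TABLE analytics.sales.orders TO ROLE role_warehouse_read_all",
    "GRANT SELECT ON TABLE analytics.sales.customers TO ROLE role_warehouse_read_all",
    "GRANT SELECT ON TABLE analytics.sales.orders TO ROLE role_bob",
    "GRANT SELECT ON FUTURE TABLES IN SCHEMA analytics.sales TO ROLE role_warehouse_read_all",
]
SAMPLE_INVENTORY = {("analytics", "sales"): {"orders", "customers"}}

if __name__ == "__main__":
    collapsed, kept = collapse_grants(SAMPLE_LOG, SAMPLE_INVENTORY)
    print("\n".join(collapsed + kept))
```

Run against a real log, the ratio of `collapsed` to the number of per-table statements it replaces gives a rough measure of how many of the logged grants a schema-level grant would remove.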