Shared DB: Run grant IMPORTED PRIVILEGES on database SHARED_DB_NAME to role ROLE_NAME; queries for shared DB
Describe the feature
Right now shared DBs are not handled by Permifrost. But in fact the only query that is needed on shared db is:
grant IMPORTED PRIVILEGES on database shared_db to role ROLE; This is giving read access to the shared db to the role. No other permissions can be given to a role on a shared database, (so no more granular permissions, for example on schemas/tables). This would be nice to handle in Permifrost.
Create a new keyword (like privileges which would be imported privileges), it could translate in the yml file like :
databases:
- not_shared_db:
shared: false
- shared_db:
shared: true
role:
owner: sysadmin
privileges:
databases:
read:
- not_shared_db
schemas:
read:
- not_shared_db.*
imported_privileges:
- shared_dbIn the script it would be something like (in a clean way :) ) :
for db in imported_privileges:
if db[shared] is True:
run the grant IMPORTED PRIVILEGES query for the role This option implies that users have different spec files for each environment (which I think is a good thing).
The only issues are the fact that no granular rights can be given to shared db but this is due to snowflake and is true even without permifrost.
Describe alternatives you've considered
still run this manually on snowflake - so not a real alternative.
Additional context
Relevant for users having data sharing between snowflake instances.
Who will this benefit?
Relevant for users having data sharing between snowflake instances.
Are you interested in contributing this feature?
sure
FYI; snowflake doc on data sharing: https://docs.snowflake.com/en/user-guide/data-sharing-intro.html