Snowflake Inc.
Fine-grained access control via database roles

Abstract:

Embodiments of the present disclosure provide systems and methods for defining database roles to allow sharing of the objects within a database in a more granular fashion. A database role is created within a database, and privileges are granted to the database role by a provider account. The database role may be granted to a share object, which would result in the share object being indirectly granted all privileges that have been granted to the database role. Once the share object has been hydrated in the consumer account, the local administrator can then decide which local roles are granted usage on the shared database role, thus ultimately allowing some level of filtering as to which shared objects can be accessed by which local roles.