由于雪花中的权限,无法克隆数据库
Cannot CLONE a database because of permissions in snowflake
创建了一个名为 DEV_USER 的用户,属于角色 DEV_ROLE。
GRANT USAGE ON WAREHOUSE MYWH TO ROLE DEV_ROLE;
CREATE USER DEV_USER PASSWORD = 'secrets' COMMENT = 'Dev User' LOGIN_NAME = 'DEV_USER' DISPLAY_NAME = 'Development Only User' DEFAULT_ROLE = 'DEV_ROLE' DEFAULT_WAREHOUSE = 'MYWH' MUST_CHANGE_PASSWORD = FALSE;
ALTER USER DEV_USER SET DEFAULT_NAMESPACE = 'PUBLIC';
GRANT ROLE DEV_ROLE TO USER DEV_USER;
GRANT ROLE DEV_ROLE TO USER MYUSERACCT;
GRANT ALL ON DATABASE DEV_DB TO ROLE DEV_ROLE WITH GRANT OPTION;
GRANT ALL ON DATABASE "DEV_DB" TO ROLE "DEV_ROLE" WITH GRANT OPTION;
GRANT ALL ON SCHEMA "DEV_DB"."PUBLIC" TO ROLE "DEV_ROLE" WITH GRANT OPTION;
我使用 MYUSERACCT 登录。我默认为DEV_ROLE。我转到 DATABASES 并尝试将 DEV_DB 克隆到 DEV_DB_CLONE,但出现以下错误:
无法创建数据库 DEV_DB_CLONE。
SQL访问控制错误:权限不足,无法操作帐户'XX12345'
显然,如果我将我的用户设置为 SYSADMIN 或 ACCOUNTADMIN,它就会起作用。但是当我设置为 DEV_ROLE.
时我需要它来 CLONE
我错过了什么?
security access control privileges 表示对于克隆,您需要通过角色
获得 CREATE DATABASE 的全局权限
CREATE USER DEV_USER1 PASSWORD = 'secrets' COMMENT = 'Dev User' LOGIN_NAME = 'DEV_USER' DISPLAY_NAME = 'Development Only User';
CREATE ROLE CLONE_ROLE;
GRANT CREATE DATABASE ON ACCOUNT TO ROLE CLONE_ROLE;
GRANT ROLE CLONE_ROLE TO USER DEV_USER1;
DROP USER DEV_USER1;
DROP ROLE CLONE_ROLE;
创建了一个名为 DEV_USER 的用户,属于角色 DEV_ROLE。
GRANT USAGE ON WAREHOUSE MYWH TO ROLE DEV_ROLE;
CREATE USER DEV_USER PASSWORD = 'secrets' COMMENT = 'Dev User' LOGIN_NAME = 'DEV_USER' DISPLAY_NAME = 'Development Only User' DEFAULT_ROLE = 'DEV_ROLE' DEFAULT_WAREHOUSE = 'MYWH' MUST_CHANGE_PASSWORD = FALSE;
ALTER USER DEV_USER SET DEFAULT_NAMESPACE = 'PUBLIC';
GRANT ROLE DEV_ROLE TO USER DEV_USER;
GRANT ROLE DEV_ROLE TO USER MYUSERACCT;
GRANT ALL ON DATABASE DEV_DB TO ROLE DEV_ROLE WITH GRANT OPTION;
GRANT ALL ON DATABASE "DEV_DB" TO ROLE "DEV_ROLE" WITH GRANT OPTION;
GRANT ALL ON SCHEMA "DEV_DB"."PUBLIC" TO ROLE "DEV_ROLE" WITH GRANT OPTION;
我使用 MYUSERACCT 登录。我默认为DEV_ROLE。我转到 DATABASES 并尝试将 DEV_DB 克隆到 DEV_DB_CLONE,但出现以下错误:
无法创建数据库 DEV_DB_CLONE。 SQL访问控制错误:权限不足,无法操作帐户'XX12345'
显然,如果我将我的用户设置为 SYSADMIN 或 ACCOUNTADMIN,它就会起作用。但是当我设置为 DEV_ROLE.
时我需要它来 CLONE我错过了什么?
security access control privileges 表示对于克隆,您需要通过角色
获得CREATE DATABASE 的全局权限
CREATE USER DEV_USER1 PASSWORD = 'secrets' COMMENT = 'Dev User' LOGIN_NAME = 'DEV_USER' DISPLAY_NAME = 'Development Only User';
CREATE ROLE CLONE_ROLE;
GRANT CREATE DATABASE ON ACCOUNT TO ROLE CLONE_ROLE;
GRANT ROLE CLONE_ROLE TO USER DEV_USER1;
DROP USER DEV_USER1;
DROP ROLE CLONE_ROLE;