在 Snowflake 中设置系统范围的变量
Setting System Wide Variables in Snowflake
我有兴趣找到一种方法,可以将系统范围的变量写入 Snowflake 帐户,并在视图中使用,以便用户可以看到底层 DDL,但不知道特定函数中使用的值.
目前这是通过使这些成为 "Secure" 视图来完成的,但这限制了几乎每个人看到底层 DDL(这将对我们的用户和管理员有所帮助)。
我想知道是否有办法设置系统范围变量,并在 DDL 中使用它。
示例:
SET SYSTEM VARIABLE variable_name = 'some_value';
CREATE VIEW catalog.schema.tablename AS
SELECT TRANSLATE(COLUMN_NAME, '0123456789', variable_name) AS NEW_COLUMN_NAME
FROM <FULL SOURCE TABLE NAME>
WHERE <WHATEVER CONDITIONS APPLY>;
我发现在会话中设置变量,我知道我可以查看/更改帐户参数。但是我可以创建类似帐户变量的东西吗?
函数 has two privileges on it - 所有权和使用权。如果您不将这些功能权限中的任何一个授予视图的查看者,但您将视图的查看者 SELECT 权限授予,他们将能够看到视图的 DDL,但不会能够看到UDF的细节。然后您可以在您的 UDF 中存储您不希望其他人看到的值。稍后我会 post 编写代码。
--Something like this to test it out from scratch. You must have accountadmin for this to work:
--use role accountadmin:
--create a database called demo_db;
--create a role called owner_demo_db and grant it usage, monitor, and create schema; also give it usage on a warehouse;
--create a user called demo_db_user. give them ownership on demo_db;
--create a role called reader_demo_db;
--assign the "reader" and the "owner" role to demo_db_user;
--as the owner_demo_db role, create the following:
use role owner_demo_db;
--The role owner_demo_db will own this function
create function pi_udf()
returns float
as '3.141592654::FLOAT'
;
--The role owner_demo_db will own this view
create view MyView as
select 'some_value' AS someval
, pi_udf() pi_val;
--Because owner_demo_db owns the view, they can grant select to the reader role to the view
grant select on view demo_db.demo_schema.MyView to reader_demo_db;
--Show functions and views and you'll be able to see both.
show functions;
show views;
--Show functions and views as reader_demo_db, and you'll only be able to see DDL for the view b/c you don't have a privilege on the function
use role reader_demo_db;
show functions;
show views;
我有兴趣找到一种方法,可以将系统范围的变量写入 Snowflake 帐户,并在视图中使用,以便用户可以看到底层 DDL,但不知道特定函数中使用的值.
目前这是通过使这些成为 "Secure" 视图来完成的,但这限制了几乎每个人看到底层 DDL(这将对我们的用户和管理员有所帮助)。
我想知道是否有办法设置系统范围变量,并在 DDL 中使用它。
示例:
SET SYSTEM VARIABLE variable_name = 'some_value';
CREATE VIEW catalog.schema.tablename AS
SELECT TRANSLATE(COLUMN_NAME, '0123456789', variable_name) AS NEW_COLUMN_NAME
FROM <FULL SOURCE TABLE NAME>
WHERE <WHATEVER CONDITIONS APPLY>;
我发现在会话中设置变量,我知道我可以查看/更改帐户参数。但是我可以创建类似帐户变量的东西吗?
函数 has two privileges on it - 所有权和使用权。如果您不将这些功能权限中的任何一个授予视图的查看者,但您将视图的查看者 SELECT 权限授予,他们将能够看到视图的 DDL,但不会能够看到UDF的细节。然后您可以在您的 UDF 中存储您不希望其他人看到的值。稍后我会 post 编写代码。
--Something like this to test it out from scratch. You must have accountadmin for this to work:
--use role accountadmin:
--create a database called demo_db;
--create a role called owner_demo_db and grant it usage, monitor, and create schema; also give it usage on a warehouse;
--create a user called demo_db_user. give them ownership on demo_db;
--create a role called reader_demo_db;
--assign the "reader" and the "owner" role to demo_db_user;
--as the owner_demo_db role, create the following:
use role owner_demo_db;
--The role owner_demo_db will own this function
create function pi_udf()
returns float
as '3.141592654::FLOAT'
;
--The role owner_demo_db will own this view
create view MyView as
select 'some_value' AS someval
, pi_udf() pi_val;
--Because owner_demo_db owns the view, they can grant select to the reader role to the view
grant select on view demo_db.demo_schema.MyView to reader_demo_db;
--Show functions and views and you'll be able to see both.
show functions;
show views;
--Show functions and views as reader_demo_db, and you'll only be able to see DDL for the view b/c you don't have a privilege on the function
use role reader_demo_db;
show functions;
show views;