Snowflake 中的特定 table 查询角色无法使用仓库
Specific table querying role in Snowflake can't USE a warehouse
我创建了我认为非常标准的用户,可以访问可以查询单个 table:
的单个角色
create user new_user;
alter user new_user set password = 'some_pw';
create role new_role;
alter user new_user set default_warehouse = 'compute_wh';
alter user new_user set default_role = 'new_role';
grant role new_role to user new_user;
grant usage on warehouse compute_wh to role new_role;
grant usage on schema my_schema to new_role;
grant usage on database my_db to role new_role;
grant select on my_db.my_schema.my_table to role new_role;
GRANT OPERATE ON WAREHOUSE COMPUTE_WH TO ROLE new_role;
但是,当我在 SQL 客户端(如 DBeaver)中设置此用户时,我无法 运行 任何查询:
USE WAREHOUSE COMPUTE_WH; -- fails even here
USE DATABASE my_db;
SELECT * FROM my_db.my_schema.my_table;
SQL Error [2043] [02000]: SQL compilation error: Object does not
exist, or operation cannot be performed.
我可能缺少哪些额外权限?
USE WAREHOUSE COMPUTE_WH; -- fails even here
如果用户可以访问仓库但不能使用它,则可能表明它已被暂停。我会添加 operate 特权:
GRANT OPERATE ON WAREHOUSE COMPUTE_WH TO ROLE NEW_ROLE;
并检查自动恢复是否开启或明确启动仓库:
ALTER WAREHOUSE IF EXISTS COMPUTE_WH RESUME IF SUSPENDED;
USE WAREHOUSE COMPUTE_WH;
编辑:
要检查当前角色,可以使用以下代码:
SELECT CURRENT_ROLE();
如果角色与预期不同,可以更改为:
USE ROLE COMPUTE_WH;
我创建了我认为非常标准的用户,可以访问可以查询单个 table:
的单个角色create user new_user;
alter user new_user set password = 'some_pw';
create role new_role;
alter user new_user set default_warehouse = 'compute_wh';
alter user new_user set default_role = 'new_role';
grant role new_role to user new_user;
grant usage on warehouse compute_wh to role new_role;
grant usage on schema my_schema to new_role;
grant usage on database my_db to role new_role;
grant select on my_db.my_schema.my_table to role new_role;
GRANT OPERATE ON WAREHOUSE COMPUTE_WH TO ROLE new_role;
但是,当我在 SQL 客户端(如 DBeaver)中设置此用户时,我无法 运行 任何查询:
USE WAREHOUSE COMPUTE_WH; -- fails even here
USE DATABASE my_db;
SELECT * FROM my_db.my_schema.my_table;
SQL Error [2043] [02000]: SQL compilation error: Object does not exist, or operation cannot be performed.
我可能缺少哪些额外权限?
USE WAREHOUSE COMPUTE_WH; -- fails even here
如果用户可以访问仓库但不能使用它,则可能表明它已被暂停。我会添加 operate 特权:
GRANT OPERATE ON WAREHOUSE COMPUTE_WH TO ROLE NEW_ROLE;
并检查自动恢复是否开启或明确启动仓库:
ALTER WAREHOUSE IF EXISTS COMPUTE_WH RESUME IF SUSPENDED;
USE WAREHOUSE COMPUTE_WH;
编辑:
要检查当前角色,可以使用以下代码:
SELECT CURRENT_ROLE();
如果角色与预期不同,可以更改为:
USE ROLE COMPUTE_WH;