I've created what I think is a very standard user with access to a single role that can query a single table:
create user new_user;
alter user new_user set password = 'some_pw';
create role new_role;
alter user new_user set default_warehouse = 'compute_wh';
alter user new_user set default_role = 'new_role';
grant role new_role to user new_user;
grant usage on warehouse compute_wh to role new_role;
grant usage on schema my_schema to new_role;
grant usage on database my_db to role new_role;
grant select on my_db.my_schema.my_table to role new_role;
GRANT OPERATE ON WAREHOUSE COMPUTE_WH TO ROLE new_role;
However, when I set this user up in a SQL client (like DBeaver), I can't run any queries:
USE WAREHOUSE COMPUTE_WH; -- fails even here
USE DATABASE my_db;
SELECT * FROM my_db.my_schema.my_table;
SQL Error [2043] [02000]: SQL compilation error: Object does not exist, or operation cannot be performed.
What extra permissions could I be missing?
USE WAREHOUSE COMPUTE_WH; -- fails even here
If user has access to warehouse but cannot use it, it may indicate it is suspended. I would add operate privilige:
GRANT OPERATE ON WAREHOUSE COMPUTE_WH TO ROLE NEW_ROLE;
and check if auto-resume is on or explicitly start warehouse:
ALTER WAREHOUSE IF EXISTS COMPUTE_WH RESUME IF SUSPENDED;
USE WAREHOUSE COMPUTE_WH;
EDIT:
To check current role the following code could be used:
SELECT CURRENT_ROLE();
If the role is different than anticiapted, it could be changed with:
USE ROLE COMPUTE_WH;