I was just looking through our account roles (using SHOW GRANTS ON ACCOUNT) to identify an issue with some privileges, when I ran into an unknown role: APPADMIN.
This role does not appear along with the other system roles (ACCOUNTADMIN, SYSADMIN, USERADMIN, SECURITYADMIN, ORGADMIN, and PUBLIC) when I look at the full list of roles in the account (either in the UI, or using SHOW ROLES). I'm using the ACCOUNTADMIN role, so everything should be there.
Also, when I run SHOW GRANTS TO ROLE APPADMIN, it fails: SQL compilation error: Role 'APPADMIN' does not exist or not authorized.
Moreover, how can this role have any grants if it apparently doesn't exist? I tried creating and dropping a dummy role, and the grants were dropped along with the role (as expected).
CREATE ROLE test;
GRANT CREATE DATABASE ON ACCOUNT TO ROLE test;
SHOW GRANTS ON ACCOUNT; -- test grant is there
DROP ROLE test;
SHOW GRANTS ON ACCOUNT; -- test grant is no longer there
The role has access to CREATE DATABASE, CREATE INTEGRATION, CREATE ROLE & CREATE USER, and the grants were added on 2020-06-05.
We've never created this role, so I assume it must be some kind of system role -- maybe something related to Snowsight?
Can anyone else also see this in their account?
You are correct these operations were part of our automated feature provisioning for Snowsight which needed to perform some specific operations when it launched in Public Preview between 6/4/20 and 6/5/20. Given these operations were internal, it should not be viewable on our customers' end. We'll get this corrected and thanks for bringing to our attention.