Search code examples
snowflake-cloud-data-platformprivilegesownership

Grant Ownership to a USER

We want to replace our Ownership to SECURITYADMIN from one user to another

  1. Is it possible to transfer privileges between users or clone user privileges?
  2. How do we add Privileges and take Ownership on it?
Solution

  • First of all, Snowflake applies "Role-based Access Control (RBAC)". Therefore you should not consider granting privileges directly to users. It's not possible. All privileges are assigned to roles, and those roles are assigned to users.

    You mentioned SECURITYADMIN. It is a pre-defined role that is not owned by any other role. Why do you want to change the ownership of it? If you want to assign SECURITYADMIN from one user to another, you just need to run these commands:

    USE ROLE ACCOUNTADMIN;
GRANT ROLE SECURITYADMIN TO USER NEW_USER;
REVOKE ROLE SECURITYADMIN FROM USER OLD_USER;
    1. Is it possible to transfer privileges between users or clone user privileges?

    As you will assign privileges to roles, you can just grant the role to another user, so they will have the same privileges.

    1. How do we add Privileges and take Ownership on it?

    You can use GRANT command to add privileges:

    https://docs.snowflake.com/en/sql-reference/sql/grant-privilege.html

    You can use GRANT OWNERSHIP to transfer the ownership:

    https://docs.snowflake.com/en/sql-reference/sql/grant-ownership.html