return_greater(int, int)
) in Snowflake which is created by the SYSADMIM
role.readwrite
) which is granted to the built-in SYSADMIN
role.Below is the stored procedure.
create or replace procedure return_greater(number_1 integer, number_2 integer)
returns integer not null
language sql
as
$$
begin
if (number_1 > number_2) then
return number_1;
else
return number_2;
end if;
end;
$$
;
I have granted all privileges on the stored procedure to the role readwrite
using the below command.
grant all privileges on procedure DatabaseName.SchemaName.return_greater(int, int) to role READWRITE;
Below are the grants on the stored procedure.
Now when I try to create/replace the stored proc using the readwrite
role I am getting the below error -
My question is how can I make the readwrite
role, create/replace the stored proc, without actually granting the ownership of the stored procedure to that role.
The short answer: not possible without transferring the ownership.
The long answer: Authorization to execute CREATE statements comes from the primary role only. When an object is created, its ownership is set to the currently active primary role. However, for any other SQL action, any permission granted to any active primary or secondary role can be used to authorize the action.
For more information have a look here.