Published in Snowflake

Sachin Mittal
Oct 27, 2022 · 3 min read · Listen

Secondary Roles in Snowflake

Read Time:2 Minute, 22 Second Sachin Mittal

306 Followers

During this post we will discuss about Primary roles and Secondary Roles.
Follow
Primary Role is your current role. The Role we select by using USE
<<ROLE>> or the default role assigned to the user at the time of creation.
More from Medium
Sometimes when there is no role assign a default PUBLIC role assigns to the
12
user. John Ryan in Snowflake

Top 14 Snowflake Data

Engineering Best Practices
In addition to it, Snowflake has introduced the concept of Secondary roles as
well. A user can have one or more Roles. The user has access to all the Manoj Kuk… in Towards Data Sci…

objects in the union of all the Roles assigned. For example, you could assign Handling Slowly Changing
Dimensions (SCD) using Delta
a sales manager both the Sales Manager Role and the Field Sales Tables
Representative role.
Rajiv Gupta in Dev Genius

When To Use Which Table In

Syntax for using Secondary roles: Snowflake?

Rajiv Gupta in Snowflake

USE SECONDARY ROLES { ALL | NONE }
Snowflake Micro-partitions &
Table Clustering
Parameters

ALL: All roles that have been granted to the user in addition to the current
active primary role. Note that the set of roles gets reevaluate when each SQL
statement executes. If additional roles grants to the user, and that user
executes a new SQL statement, the newly granted roles are active secondary
roles for the new SQL statement.

NONE: Disables secondary roles. The authorization for all SQL actions is
provided via the primary role.

Consider the scenario we have three different roles Analyst_Role

,Tester_Role and Developer Role. Base on Business Requirement, every role
is authorized to query its own table only. All three Roles are assigned to
ADMIN_USER.

ADMIN_USER wants to query the table belongs to TESTER_ROLE. In this case

user has to switch the Role from current Role i.e ANALYST_ROLE to
TESTER_ROLE. On the similar lines if user wants to view the table belongs to
DEVLOPER_ROLE ,user has to select the desired Role. As per the below Screenshot,
even though all three roles are assign to User but querying the table belongs to
Secondary Role issue the error.

Help Status Writers Blog Careers Privacy Terms About

Text to speech

Query Table Error

Primary and Secondary Roles to User

Multiple Roles:
Assuming we have multiple Roles in system and each Role holds multiple
tables then it would be tedious for User to switch the Role frequently. Here
the Secondary Roles plays a significance Role.

Run the Following Command in WEBUI:

Secondary Role
 We can clearly see DEVELOPER and TESTER Roles are assign to user as
Secondary Roles.

Now try to run the same CUSTOM_TABLE query from the WEBUI and verify
the result.

Roles Tables

Therefore, User has access to all the objects by UNION of all ROLES assign to
it. User need not to remember which particular Role holds which table. He
can directly query the table without switching to multiple roles.

The story is originally published at:

https://cloudyard.in/2022/07/secondary-roles-in-snowflake/

Data Superhero Snowflake

About Help Terms Privacy