-- Role-to-user and role-to-role grants are issued as SECURITYADMIN.
-- This script only adds grants: no REVOKE statements appear in it, so deleting
-- a line here does not remove access that has already been granted.
USE ROLE SECURITYADMIN;

-- ACCOUNTADMIN membership (direct user grants).
-- NOTE(review): ACCOUNTADMIN is the highest-privileged role in the account.
-- Keep this list as short as possible and confirm every holder has MFA enforced.
GRANT ROLE ACCOUNTADMIN TO USER "[email protected]";
GRANT ROLE ACCOUNTADMIN TO USER "[email protected]";
GRANT ROLE ACCOUNTADMIN TO USER "[email protected]";

-- SYSADMIN membership.
-- Most custom roles in this file are granted to SYSADMIN, so every SYSADMIN
-- holder inherits their privileges as well.
GRANT ROLE SYSADMIN TO USER "[email protected]";
GRANT ROLE SYSADMIN TO USER "[email protected]";
GRANT ROLE SYSADMIN TO USER "[email protected]";
-- NOTE(review): DPE_SERVICE is presumably a service account (confirm). Through
-- SYSADMIN it inherits every role granted to SYSADMIN in this file; check
-- whether a narrower role would cover what the service actually does.
GRANT ROLE SYSADMIN TO USER DPE_SERVICE;
-- Warehouse access: lets these roles run queries on COMPUTE_XSMALL.
GRANT USAGE ON WAREHOUSE COMPUTE_XSMALL TO ROLE DATA_ANALYTICS;
GRANT USAGE ON WAREHOUSE COMPUTE_XSMALL TO ROLE GOVERNANCE;

-- Grants to PUBLIC.
-- PUBLIC is held by every user and role in the account, so this applies
-- account-wide. USAGE on the database alone does not expose its schemas or
-- tables; those still need their own grants.
GRANT USAGE ON DATABASE SAGE TO ROLE PUBLIC;
-- GENIE_ADMIN membership.
-- Granting the role to SYSADMIN places it under SYSADMIN in the role hierarchy.
GRANT ROLE GENIE_ADMIN TO ROLE SYSADMIN;

-- Direct user grants.
GRANT ROLE GENIE_ADMIN TO USER "[email protected]";
GRANT ROLE GENIE_ADMIN TO USER "[email protected]";
GRANT ROLE GENIE_ADMIN TO USER "[email protected]";
GRANT ROLE GENIE_ADMIN TO USER "[email protected]";
GRANT ROLE GENIE_ADMIN TO USER "[email protected]";
-- RECOVER role hierarchy:
--   SYSADMIN <- RECOVER_DATA_ENGINEER <- RECOVER_DATA_ANALYTICS
-- so engineers inherit everything the analytics role can do.
GRANT ROLE RECOVER_DATA_ENGINEER TO ROLE SYSADMIN;
GRANT ROLE RECOVER_DATA_ANALYTICS TO ROLE RECOVER_DATA_ENGINEER;

-- Direct user grants.
GRANT ROLE RECOVER_DATA_ENGINEER TO USER "[email protected]";
GRANT ROLE RECOVER_DATA_ENGINEER TO USER "[email protected]";
GRANT ROLE RECOVER_DATA_ENGINEER TO USER "[email protected]";
-- RECOVER_SERVICE: presumably the pipeline's service account (confirm).
GRANT ROLE RECOVER_DATA_ENGINEER TO USER RECOVER_SERVICE;
-- AD role membership.
GRANT ROLE AD TO ROLE SYSADMIN;
GRANT ROLE AD TO USER "[email protected]";
-- DBT_SERVICE and AD_SERVICE: presumably service accounts (confirm). Both get
-- the full AD role, which later in this file receives ALL PRIVILEGES on the
-- AD schema and CREATE SCHEMA on database SAGE.
GRANT ROLE AD TO USER DBT_SERVICE;
GRANT ROLE AD TO USER AD_SERVICE;
-- NF_ADMIN membership: rolled up to SYSADMIN, then granted to individual users.
GRANT ROLE NF_ADMIN TO ROLE SYSADMIN;
GRANT ROLE NF_ADMIN TO USER "[email protected]";
GRANT ROLE NF_ADMIN TO USER "[email protected]";
-- SCIDATA_ADMIN membership: rolled up to SYSADMIN, then granted to individual users.
GRANT ROLE SCIDATA_ADMIN TO ROLE SYSADMIN;
GRANT ROLE SCIDATA_ADMIN TO USER "[email protected]";
GRANT ROLE SCIDATA_ADMIN TO USER "[email protected]";
-- DATA_ENGINEER membership.
-- SYSADMIN inherits DATA_ENGINEER through the role-to-role grant below.
GRANT ROLE DATA_ENGINEER TO ROLE SYSADMIN;

-- Direct user grants.
GRANT ROLE DATA_ENGINEER TO USER "[email protected]";
GRANT ROLE DATA_ENGINEER TO USER "[email protected]";
GRANT ROLE DATA_ENGINEER TO USER "[email protected]";
GRANT ROLE DATA_ENGINEER TO USER "[email protected]";
GRANT ROLE DATA_ENGINEER TO USER "[email protected]";
GRANT ROLE DATA_ENGINEER TO USER "[email protected]";
GRANT ROLE DATA_ENGINEER TO USER "[email protected]";
-- NOTE(review): DPE_SERVICE is also granted SYSADMIN earlier in this file, and
-- SYSADMIN already inherits DATA_ENGINEER. If DATA_ENGINEER is all the service
-- needs, the SYSADMIN grant is the one to reconsider.
GRANT ROLE DATA_ENGINEER TO USER DPE_SERVICE;
-- DATA_ANALYTICS membership: one direct grant per user.
-- Elsewhere in this file DATA_ANALYTICS receives read access to the Synapse
-- warehouse and selected SAGE schemas, so this list defines who can read that
-- data. NOTE(review): a list this long is easy to let drift; reconcile it
-- periodically against SHOW GRANTS OF ROLE DATA_ANALYTICS, and remember that
-- removing a line here does not revoke the grant.
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
GRANT ROLE DATA_ANALYTICS TO USER "[email protected]";
-- AD_SERVICE also holds the AD role, and AD is granted DATA_ANALYTICS later in
-- this file, so this direct grant looks redundant. Harmless, but confirm intent.
GRANT ROLE DATA_ANALYTICS TO USER AD_SERVICE;
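-- SAGE_LEADERS membership.
-- (Heading switched from `//` to `--` to match the comment style used in the
-- rest of the file; both are comments in Snowflake.)
GRANT ROLE SAGE_LEADERS TO USER "[email protected]";
GRANT ROLE SAGE_LEADERS TO USER "[email protected]";
GRANT ROLE SAGE_LEADERS TO USER "[email protected]";
GRANT ROLE SAGE_LEADERS TO USER "[email protected]";
GRANT ROLE SAGE_LEADERS TO USER "[email protected]";
GRANT ROLE SAGE_LEADERS TO USER "[email protected]";
GRANT ROLE SAGE_LEADERS TO USER "[email protected]";
GRANT ROLE SAGE_LEADERS TO USER "[email protected]";
GRANT ROLE SAGE_LEADERS TO USER "[email protected]";
GRANT ROLE SAGE_LEADERS TO USER "[email protected]";
GRANT ROLE SAGE_LEADERS TO USER "[email protected]";
GRANT ROLE SAGE_LEADERS TO ROLE SYSADMIN;

-- Role hierarchy: each role below inherits everything DATA_ANALYTICS can read.
-- Any privilege added to DATA_ANALYTICS therefore reaches all six of these
-- roles (and SYSADMIN above them); review new DATA_ANALYTICS grants with that
-- fan-out in mind.
GRANT ROLE DATA_ANALYTICS TO ROLE SAGE_LEADERS;
GRANT ROLE DATA_ANALYTICS TO ROLE SCIDATA_ADMIN;
GRANT ROLE DATA_ANALYTICS TO ROLE NF_ADMIN;
GRANT ROLE DATA_ANALYTICS TO ROLE GENIE_ADMIN;
GRANT ROLE DATA_ANALYTICS TO ROLE AD;
GRANT ROLE DATA_ANALYTICS TO ROLE GOVERNANCE;

-- FAIR membership.
GRANT ROLE FAIR TO USER "[email protected]";
GRANT ROLE FAIR TO USER "[email protected]";
GRANT ROLE FAIR TO USER "[email protected]";
GRANT ROLE FAIR TO USER "[email protected]";
GRANT ROLE FAIR TO USER "[email protected]";
GRANT ROLE FAIR TO USER "[email protected]";
GRANT ROLE FAIR TO USER "[email protected]";
GRANT ROLE FAIR TO USER "[email protected]";
GRANT ROLE FAIR TO ROLE SYSADMIN;

-- DPE_OPS membership.
GRANT ROLE DPE_OPS TO USER "[email protected]";
GRANT ROLE DPE_OPS TO USER "[email protected]";
GRANT ROLE DPE_OPS TO ROLE SYSADMIN;

-- GOVERNANCE membership.
GRANT ROLE GOVERNANCE TO USER "[email protected]";
GRANT ROLE GOVERNANCE TO USER "[email protected]";
GRANT ROLE GOVERNANCE TO USER "[email protected]";
GRANT ROLE GOVERNANCE TO USER "[email protected]";
GRANT ROLE GOVERNANCE TO USER "[email protected]";
GRANT ROLE GOVERNANCE TO ROLE SYSADMIN;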
-- Masking-policy administration.
-- MASKING_ADMIN is granted to a single user. Unlike the other custom roles in
-- this file it is not granted to SYSADMIN.
GRANT ROLE MASKING_ADMIN TO USER "[email protected]";

-- Switch to ACCOUNTADMIN for the account-level grant. The session stays on
-- ACCOUNTADMIN until the next USE ROLE statement.
USE ROLE ACCOUNTADMIN;
-- APPLY MASKING POLICY ON ACCOUNT allows setting or unsetting masking policies
-- on columns account-wide, so membership of MASKING_ADMIN effectively decides
-- who can unmask data. Keep it small and audited.
GRANT APPLY MASKING POLICY ON ACCOUNT TO ROLE MASKING_ADMIN;
-- Synapse data warehouse (prod): storage integration access.
-- These two statements run under the ACCOUNTADMIN role selected just above.
-- USAGE on the integration lets a role reference it when creating stages.
GRANT USAGE ON INTEGRATION SYNAPSE_PROD_WAREHOUSE_S3 TO ROLE SYSADMIN;
GRANT USAGE ON INTEGRATION SYNAPSE_PROD_WAREHOUSE_S3 TO ROLE DATA_ENGINEER;
-- Back to SECURITYADMIN for object-level grants.
USE ROLE SECURITYADMIN;

-- DATA_ENGINEER on SYNAPSE_DATA_WAREHOUSE (prod): may create schemas and gets
-- broad privileges on schemas and objects created from now on.
GRANT CREATE SCHEMA, USAGE
    ON DATABASE SYNAPSE_DATA_WAREHOUSE
    TO ROLE DATA_ENGINEER;

-- Privileges applied automatically to every schema created in the database.
GRANT --noqa: PRS
    CREATE DYNAMIC TABLE,
    CREATE FUNCTION,
    CREATE PROCEDURE,
    CREATE STAGE,
    CREATE STREAM,
    CREATE STREAMLIT,
    CREATE TABLE,
    CREATE TASK,
    MODIFY,
    USAGE
    ON FUTURE SCHEMAS IN DATABASE SYNAPSE_DATA_WAREHOUSE
    TO ROLE DATA_ENGINEER;

-- NOTE(review): Snowflake documents that when future grants for the same
-- object type exist at both database and schema level, the schema-level ones
-- take precedence and the database-level ones are ignored for that schema.
-- This file also defines schema-level future grants on tables and dynamic
-- tables in SYNAPSE_DATA_WAREHOUSE.SYNAPSE, so confirm DATA_ENGINEER still
-- receives what is intended there (SHOW FUTURE GRANTS IN SCHEMA ...).
GRANT
    INSERT, SELECT, UPDATE, EVOLVE SCHEMA
    ON FUTURE TABLES IN DATABASE SYNAPSE_DATA_WAREHOUSE
    TO ROLE DATA_ENGINEER;

-- NOTE(review): ALL PRIVILEGES on future stages, dynamic tables, streams and
-- tasks is broader than the explicit list used for tables above; consider
-- enumerating the privileges actually needed.
GRANT ALL PRIVILEGES ON FUTURE STAGES IN DATABASE SYNAPSE_DATA_WAREHOUSE
    TO ROLE DATA_ENGINEER;
GRANT ALL PRIVILEGES ON FUTURE DYNAMIC TABLES IN DATABASE SYNAPSE_DATA_WAREHOUSE --noqa: PRS
    TO ROLE DATA_ENGINEER;
GRANT ALL PRIVILEGES ON FUTURE STREAMS IN DATABASE SYNAPSE_DATA_WAREHOUSE
    TO ROLE DATA_ENGINEER;
GRANT ALL PRIVILEGES ON FUTURE TASKS IN DATABASE SYNAPSE_DATA_WAREHOUSE
    TO ROLE DATA_ENGINEER;

-- Disabled statements covering objects that already exist (ON ALL ...).
-- Presumably a one-off backfill; left commented out as in the original.
-- GRANT INSERT, SELECT, UPDATE, EVOLVE SCHEMA ON ALL TABLES IN DATABASE SYNAPSE_DATA_WAREHOUSE
-- TO ROLE DATA_ENGINEER;
-- GRANT ALL PRIVILEGES ON ALL DYNAMIC TABLES IN DATABASE SYNAPSE_DATA_WAREHOUSE
-- TO ROLE DATA_ENGINEER;
-- GRANT ALL PRIVILEGES ON ALL STAGES IN DATABASE SYNAPSE_DATA_WAREHOUSE
-- TO ROLE DATA_ENGINEER;
-- GRANT ALL PRIVILEGES ON ALL STREAMS IN DATABASE SYNAPSE_DATA_WAREHOUSE
-- TO ROLE DATA_ENGINEER;

-- MASKING_ADMIN may create masking policies in the SYNAPSE schema only.
GRANT CREATE MASKING POLICY ON SCHEMA SYNAPSE_DATA_WAREHOUSE.SYNAPSE
    TO ROLE MASKING_ADMIN;
-- Task execution for DATA_ENGINEER, via an intermediate TASKADMIN role:
-- https://docs.snowflake.com/en/user-guide/tasks-intro#creating-tasks
-- Account-level privileges are granted as ACCOUNTADMIN.
USE ROLE ACCOUNTADMIN;
GRANT EXECUTE TASK, EXECUTE MANAGED TASK ON ACCOUNT TO ROLE TASKADMIN;
-- NOTE(review): CREATE DATABASE ON ACCOUNT is unrelated to tasks and lets
-- DATA_ENGINEER create databases it then owns, outside the grants managed in
-- this file. Confirm it is intended and document why.
GRANT CREATE DATABASE ON ACCOUNT TO ROLE DATA_ENGINEER; --noqa: PRS

-- Return to SECURITYADMIN for role and schema grants.
USE ROLE SECURITYADMIN;
GRANT ROLE TASKADMIN TO ROLE DATA_ENGINEER; --noqa: PRS
GRANT CREATE TASK ON SCHEMA SYNAPSE_DATA_WAREHOUSE.SYNAPSE_RAW
    TO ROLE DATA_ENGINEER;
GRANT CREATE TASK ON SCHEMA SYNAPSE_DATA_WAREHOUSE_DEV.SYNAPSE_RAW
    TO ROLE DATA_ENGINEER;
-- DATA_ANALYTICS: read-only access to the curated SYNAPSE schema, for tables
-- and dynamic tables that exist now (ON ALL) and ones created later (ON FUTURE).
GRANT USAGE ON DATABASE SYNAPSE_DATA_WAREHOUSE
    TO ROLE DATA_ANALYTICS;
GRANT USAGE ON SCHEMA SYNAPSE_DATA_WAREHOUSE.SYNAPSE
    TO ROLE DATA_ANALYTICS;
GRANT SELECT ON FUTURE TABLES IN SCHEMA SYNAPSE_DATA_WAREHOUSE.SYNAPSE
    TO ROLE DATA_ANALYTICS;
GRANT SELECT ON ALL TABLES IN SCHEMA SYNAPSE_DATA_WAREHOUSE.SYNAPSE
    TO ROLE DATA_ANALYTICS;
GRANT SELECT ON FUTURE DYNAMIC TABLES IN SCHEMA SYNAPSE_DATA_WAREHOUSE.SYNAPSE
    TO ROLE DATA_ANALYTICS;
GRANT SELECT ON ALL DYNAMIC TABLES IN SCHEMA SYNAPSE_DATA_WAREHOUSE.SYNAPSE
    TO ROLE DATA_ANALYTICS;

-- HACK: temporary access
-- NOTE(review): this exposes one table of the raw schema to DATA_ANALYTICS and,
-- through role inheritance, to every role that DATA_ANALYTICS is granted to in
-- this file. "Temporary" has no owner, ticket or removal date recorded here,
-- and deleting these lines will not undo the grant; removal needs an explicit
-- REVOKE. Confirm the sensitivity of ACLSNAPSHOTS and add a tracking reference.
GRANT USAGE ON SCHEMA SYNAPSE_DATA_WAREHOUSE.SYNAPSE_RAW
    TO ROLE DATA_ANALYTICS;
GRANT SELECT ON TABLE SYNAPSE_DATA_WAREHOUSE.SYNAPSE_RAW.ACLSNAPSHOTS
    TO ROLE DATA_ANALYTICS;
-- Synapse data warehouse (dev): mirrors the prod DATA_ENGINEER grants.
-- The grants below name their objects explicitly, so none of them relies on
-- the schema context set here.
USE SCHEMA SYNAPSE_DATA_WAREHOUSE_DEV.SYNAPSE_RAW;

-- Storage integration access for dev.
GRANT USAGE ON INTEGRATION SYNAPSE_DEV_WAREHOUSE_S3
    TO ROLE SYSADMIN;
GRANT USAGE ON INTEGRATION SYNAPSE_DEV_WAREHOUSE_S3
    TO ROLE DATA_ENGINEER;

-- Disabled: masking-policy creation is not granted on the dev schema.
-- GRANT CREATE MASKING POLICY ON SCHEMA synapse_data_warehouse_dev.synapse
-- TO ROLE masking_admin;

GRANT CREATE SCHEMA, USAGE
    ON DATABASE SYNAPSE_DATA_WAREHOUSE_DEV
    TO ROLE DATA_ENGINEER;

-- Privileges applied automatically to every schema created in the dev database.
GRANT
    CREATE DYNAMIC TABLE,
    CREATE FUNCTION,
    CREATE PROCEDURE,
    CREATE STAGE,
    CREATE STREAM,
    CREATE STREAMLIT,
    CREATE TABLE,
    CREATE TASK,
    MODIFY,
    USAGE
    ON FUTURE SCHEMAS IN DATABASE SYNAPSE_DATA_WAREHOUSE_DEV
    TO ROLE DATA_ENGINEER;

-- Object-level future grants for the dev database.
GRANT INSERT, SELECT, UPDATE, EVOLVE SCHEMA
    ON FUTURE TABLES IN DATABASE SYNAPSE_DATA_WAREHOUSE_DEV
    TO ROLE DATA_ENGINEER;
GRANT ALL PRIVILEGES ON FUTURE DYNAMIC TABLES IN DATABASE SYNAPSE_DATA_WAREHOUSE_DEV
    TO ROLE DATA_ENGINEER;
GRANT ALL PRIVILEGES ON FUTURE STAGES IN DATABASE SYNAPSE_DATA_WAREHOUSE_DEV
    TO ROLE DATA_ENGINEER;
GRANT ALL PRIVILEGES ON FUTURE STREAMS IN DATABASE SYNAPSE_DATA_WAREHOUSE_DEV
    TO ROLE DATA_ENGINEER;
GRANT ALL PRIVILEGES ON FUTURE TASKS IN DATABASE SYNAPSE_DATA_WAREHOUSE_DEV
    TO ROLE DATA_ENGINEER;

-- Disabled statements covering objects that already exist (ON ALL ...).
-- NOTE(review): the first commented statement has no TO ROLE clause or
-- terminator before the next GRANT, so it would not parse if re-enabled as is.
-- GRANT
-- CREATE FUNCTION,
-- CREATE PROCEDURE,
-- CREATE STAGE,
-- CREATE STREAM,
-- CREATE STREAMLIT,
-- CREATE TABLE,
-- CREATE TASK,
-- MODIFY,
-- USAGE
-- ON ALL SCHEMAS IN DATABASE SYNAPSE_DATA_WAREHOUSE_DEV
-- GRANT INSERT, SELECT, UPDATE ON ALL TABLES IN DATABASE SYNAPSE_DATA_WAREHOUSE_DEV
-- TO ROLE DATA_ENGINEER;
-- GRANT ALL PRIVILEGES ON ALL DYNAMIC TABLES IN DATABASE SYNAPSE_DATA_WAREHOUSE_DEV
-- TO ROLE DATA_ENGINEER;
-- GRANT ALL PRIVILEGES ON ALL STAGES IN DATABASE SYNAPSE_DATA_WAREHOUSE_DEV
-- TO ROLE DATA_ENGINEER;
-- GRANT ALL PRIVILEGES ON ALL STREAMS IN DATABASE SYNAPSE_DATA_WAREHOUSE_DEV
-- TO ROLE DATA_ENGINEER;
-- GOVERNANCE: read access across the whole prod Synapse database, i.e. every
-- schema in it (the raw schema included), for existing and future objects.
GRANT USAGE ON DATABASE SYNAPSE_DATA_WAREHOUSE
    TO ROLE GOVERNANCE;

-- Existing objects.
GRANT USAGE ON ALL SCHEMAS IN DATABASE SYNAPSE_DATA_WAREHOUSE
    TO ROLE GOVERNANCE;
GRANT SELECT ON ALL TABLES IN DATABASE SYNAPSE_DATA_WAREHOUSE
    TO ROLE GOVERNANCE;
GRANT SELECT ON ALL VIEWS IN DATABASE SYNAPSE_DATA_WAREHOUSE
    TO ROLE GOVERNANCE;
GRANT SELECT ON ALL DYNAMIC TABLES IN DATABASE SYNAPSE_DATA_WAREHOUSE
    TO ROLE GOVERNANCE;

-- Objects created later.
-- NOTE(review): Snowflake documents that schema-level future grants take
-- precedence over database-level ones for the same object type. This file
-- defines schema-level future grants on tables and dynamic tables in
-- SYNAPSE_DATA_WAREHOUSE.SYNAPSE, so the two database-level grants on those
-- object types below may not reach new objects in that schema. Verify with
-- SHOW FUTURE GRANTS IN SCHEMA SYNAPSE_DATA_WAREHOUSE.SYNAPSE.
GRANT USAGE ON FUTURE SCHEMAS IN DATABASE SYNAPSE_DATA_WAREHOUSE
    TO ROLE GOVERNANCE;
GRANT SELECT ON FUTURE TABLES IN DATABASE SYNAPSE_DATA_WAREHOUSE
    TO ROLE GOVERNANCE;
GRANT SELECT ON FUTURE VIEWS IN DATABASE SYNAPSE_DATA_WAREHOUSE
    TO ROLE GOVERNANCE;
GRANT SELECT ON FUTURE DYNAMIC TABLES IN DATABASE SYNAPSE_DATA_WAREHOUSE
    TO ROLE GOVERNANCE;

-- Stored procedures: USAGE allows calling them.
-- NOTE(review): if any procedure in this database runs with owner's rights,
-- calling it can do more than the read-only grants above suggest; confirm.
GRANT USAGE ON ALL PROCEDURES IN DATABASE SYNAPSE_DATA_WAREHOUSE
    TO ROLE GOVERNANCE;
GRANT USAGE ON FUTURE PROCEDURES IN DATABASE SYNAPSE_DATA_WAREHOUSE
    TO ROLE GOVERNANCE;
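-- Sage database privileges

-- DATA_ENGINEER: full control of every schema and table in SAGE, existing and
-- future, plus the ability to create new schemas.
-- NOTE(review): ALL PRIVILEGES is the broadest possible grant; enumerate the
-- privileges actually needed if DATA_ENGINEER does not require all of them.
GRANT ALL PRIVILEGES ON FUTURE SCHEMAS IN DATABASE SAGE
    TO ROLE DATA_ENGINEER;
GRANT ALL PRIVILEGES ON FUTURE TABLES IN DATABASE SAGE
    TO ROLE DATA_ENGINEER;
GRANT CREATE SCHEMA, USAGE ON DATABASE SAGE
    TO ROLE DATA_ENGINEER;
GRANT ALL PRIVILEGES ON ALL SCHEMAS IN DATABASE SAGE
    TO ROLE DATA_ENGINEER;
GRANT ALL PRIVILEGES ON ALL TABLES IN DATABASE SAGE
    TO ROLE DATA_ENGINEER;

-- Disabled: database-wide read access for DATA_ANALYTICS, replaced by the
-- per-schema grants below.
-- GRANT USAGE ON FUTURE SCHEMAS IN DATABASE SAGE
-- TO ROLE DATA_ANALYTICS;
-- GRANT SELECT ON FUTURE TABLES IN DATABASE SAGE
-- TO ROLE DATA_ANALYTICS;
-- GRANT SELECT ON FUTURE VIEWS IN DATABASE SAGE
-- TO ROLE DATA_ANALYTICS;

-- DATA_ANALYTICS: SELECT on future tables and views, schema by schema.
-- NOTE(review): these cover FUTURE objects only, and this file does not grant
-- DATA_ANALYTICS USAGE on the schemas themselves; presumably both existing
-- objects and schema USAGE are handled elsewhere. Confirm.
-- NOTE(review): per Snowflake's documented precedence, these schema-level
-- future grants on tables override the database-level FUTURE TABLES grant to
-- DATA_ENGINEER above within these schemas.
GRANT SELECT ON FUTURE TABLES IN SCHEMA SAGE.AD
    TO ROLE DATA_ANALYTICS;
GRANT SELECT ON FUTURE VIEWS IN SCHEMA SAGE.AD
    TO ROLE DATA_ANALYTICS;
GRANT SELECT ON FUTURE TABLES IN SCHEMA SAGE.IT
    TO ROLE DATA_ANALYTICS;
GRANT SELECT ON FUTURE VIEWS IN SCHEMA SAGE.IT
    TO ROLE DATA_ANALYTICS;
GRANT SELECT ON FUTURE TABLES IN SCHEMA SAGE.CITATIONS
    TO ROLE DATA_ANALYTICS;
GRANT SELECT ON FUTURE VIEWS IN SCHEMA SAGE.CITATIONS
    TO ROLE DATA_ANALYTICS;
-- The original issued this FUTURE VIEWS grant on SAGE.AUDIT twice in a row; the
-- repeat is dropped because re-granting changes nothing. The other schemas pair
-- FUTURE TABLES with FUTURE VIEWS, so the first copy may have been meant for
-- tables. That would widen access to audit data, so it is not added here;
-- confirm intent before granting it.
GRANT SELECT ON FUTURE VIEWS IN SCHEMA SAGE.AUDIT
    TO ROLE DATA_ANALYTICS;
GRANT USAGE ON DATABASE SAGE
    TO ROLE DATA_ANALYTICS;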
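-- AD database privileges
USE SCHEMA SAGE.AD;
-- Schema name is fully qualified so the grant cannot land on a different AD
-- schema if the session context changes; the USE statement above is kept so
-- the session state seen by later statements is unchanged.
GRANT ALL PRIVILEGES ON SCHEMA SAGE.AD
    TO ROLE AD;
-- NOTE(review): CREATE SCHEMA on SAGE lets the AD role (and the service users
-- holding it) create and own new schemas anywhere in the database, not only
-- work inside SAGE.AD. Confirm this is required.
GRANT CREATE SCHEMA, USAGE ON DATABASE SAGE
    TO ROLE AD;

-- Read access to the curated Synapse schema.
-- AD is also granted the DATA_ANALYTICS role in this file, which already
-- carries these privileges, so the statements below are redundant but harmless.
GRANT USAGE ON DATABASE SYNAPSE_DATA_WAREHOUSE
    TO ROLE AD;
GRANT USAGE ON SCHEMA SYNAPSE_DATA_WAREHOUSE.SYNAPSE
    TO ROLE AD;
GRANT SELECT ON FUTURE TABLES IN SCHEMA SYNAPSE_DATA_WAREHOUSE.SYNAPSE
    TO ROLE AD;
GRANT SELECT ON ALL TABLES IN SCHEMA SYNAPSE_DATA_WAREHOUSE.SYNAPSE
    TO ROLE AD;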
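-- NF database privileges
-- Schema names are fully qualified so each grant targets SAGE.<schema> even if
-- the session context is different; the USE statements are kept so the session
-- state seen by later statements is unchanged.
USE SCHEMA SAGE.NF;
GRANT ALL PRIVILEGES ON SCHEMA SAGE.NF
    TO ROLE NF_ADMIN;

-- SCIDATA database privileges
USE SCHEMA SAGE.SCIDATA;
GRANT ALL PRIVILEGES ON SCHEMA SAGE.SCIDATA
    TO ROLE SCIDATA_ADMIN;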
-- GENIE database: despite its name, GENIE_ADMIN receives read-only access here
-- (USAGE and SELECT), and only for schemas and tables created in future.
-- Existing objects are not covered by these statements.
USE DATABASE GENIE;
GRANT USAGE ON DATABASE GENIE TO ROLE GENIE_ADMIN;
GRANT USAGE ON FUTURE SCHEMAS IN DATABASE GENIE TO ROLE GENIE_ADMIN;
GRANT SELECT ON FUTURE TABLES IN DATABASE GENIE TO ROLE GENIE_ADMIN;

-- Compute for GENIE_ADMIN queries.
GRANT USAGE ON WAREHOUSE TABLEAU TO ROLE GENIE_ADMIN;
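-- RECOVER database privileges
USE DATABASE RECOVER;

-- RECOVER_DATA_ENGINEER: create schemas, full control of future schemas and
-- tables, and a dedicated warehouse.
GRANT CREATE SCHEMA, USAGE ON DATABASE RECOVER
    TO ROLE RECOVER_DATA_ENGINEER;
GRANT ALL PRIVILEGES ON FUTURE SCHEMAS IN DATABASE RECOVER
    TO ROLE RECOVER_DATA_ENGINEER;
GRANT ALL PRIVILEGES ON FUTURE TABLES IN DATABASE RECOVER
    TO ROLE RECOVER_DATA_ENGINEER;
GRANT USAGE ON WAREHOUSE RECOVER_XSMALL
    TO ROLE RECOVER_DATA_ENGINEER;

-- RECOVER_DATA_ANALYTICS: read-only access to future schemas and tables.
-- No warehouse is granted to this role in this file; presumably it gets
-- compute elsewhere. Confirm.
GRANT USAGE ON DATABASE RECOVER
    TO ROLE RECOVER_DATA_ANALYTICS;
GRANT USAGE ON FUTURE SCHEMAS IN DATABASE RECOVER
    TO ROLE RECOVER_DATA_ANALYTICS;
GRANT SELECT ON FUTURE TABLES IN DATABASE RECOVER
    TO ROLE RECOVER_DATA_ANALYTICS;

-- Storage integration for RECOVER.
GRANT USAGE ON INTEGRATION RECOVER_DEV_S3
    TO ROLE SYSADMIN;

-- The original ended with a "-- Create DBT specific role" heading followed only
-- by a repeat of the FUTURE TABLES grant to RECOVER_DATA_ANALYTICS above. No
-- DBT role is created or granted anywhere in this script, so the heading was
-- misleading and the repeat had no effect; both are dropped. If a DBT-specific
-- role is still wanted, it needs to be defined and granted explicitly.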
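-- IPINFO
-- IMPORTED PRIVILEGES gives the role access to the objects of this imported
-- (shared) database as a whole; it cannot be narrowed per table here.
-- The ROLE keyword is spelled out to match every other grant in this file.
GRANT IMPORTED PRIVILEGES ON DATABASE IPINFO_FREE_COUNTRY__ASN_IP_ADDRESS_DATA
    TO ROLE DATA_ANALYTICS;
GRANT IMPORTED PRIVILEGES ON DATABASE IPINFO_FREE_COUNTRY__ASN_IP_ADDRESS_DATA
    TO ROLE DATA_ENGINEER;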