snowflake.core.role.RoleResource¶
- class snowflake.core.role.RoleResource(name: str, collection: RoleCollection)¶
Bases:
ObjectReferenceMixin
[RoleCollection
]Represents a reference to a Snowflake role.
With this role reference, you can delete roles.
Attributes
- root¶
Methods
- delete() None ¶
The delete method is deprecated; use drop instead.
- drop(if_exists: bool | None = None) None ¶
Drop this role.
- Parameters:
if_exists (bool, optional) – Check the existence of this role before dropping it. Default is
None
, which is equivalent toFalse
.
Examples
Deleting a role using its reference:
>>> role_reference.drop()
- grant_future_privileges(privileges: List[str], securable_type: str, containing_scope: ContainingScope, grant_option: bool | None = None) None ¶
Grant privileges on all future securables matching the criteria to this role.
- Parameters:
privileges (List[str]) – The list of privileges to be granted.
securable_type (str) – The type of securable on which the privileges would be granted.
containing_scope (ContainingScope) – The criteria to match the securables.
grant_option (bool, optional) – If True, the grantee can grant the privilege to others. Default is None which means False.
Examples
Using a role reference to grant privileges on all future schemas in a database to it:
>>> reference_role.grant_future_privileges(["CREATE", "USAGE"], "schema", ContainingScope(database="test_db"))
- grant_privileges(privileges: List[str], securable_type: str, securable: Securable | None = None, grant_option: bool | None = None) None ¶
Grant privileges on a securable to this role.
- Parameters:
privileges (List[str]) – The list of privileges to be granted.
securable_type (str) – The type of securable on which the privileges would be granted.
securable (Securable, optional) – The securable on which the privileges would be granted. Default is None.
grant_option (bool, optional) – If True, the grantee can grant the privilege to others. Default is None which means False.
Examples
Using a role reference to grant privileges to it:
>>> reference_role.grant_privileges(["CREATE", "USAGE"], "database", Securable(database="test_db"))
- grant_privileges_on_all(privileges: List[str], securable_type: str, containing_scope: ContainingScope, grant_option: bool | None = None) None ¶
Grant privileges on all securables matching the criteria to this role.
- Parameters:
privileges (List[str]) – The list of privileges to be granted.
securable_type (str) – The type of securable on which the privileges would be granted.
containing_scope (ContainingScope) – The criteria to match the securables.
grant_option (bool, optional) – If True, the grantee can grant the privilege to others. Default is None which means False.
Examples
Using a role reference to grant privileges on all schemas in a database to it:
>>> reference_role.grant_privileges_on_all(["CREATE", "USAGE"], "schema", ContainingScope(database="test_db"))
- grant_role(role_type: str, role: Securable) None ¶
Grant a role to this role.
- Parameters:
role_type (str) – The type of role which would be granted.
role (Securable) – The role which would be granted.
Examples
Using a role reference to grant a role to it:
>>> reference_role.grant("role", Securable(name="test_role"))
- iter_future_grants_to(show_limit: int | None = None) Iterator[Grant] ¶
List future grants to this role.
Lists all privileges on new (i.e. future) objects of a specified type in a database or schema granted to the role.
- Parameters:
show_limit (int, optional) – Limit of the maximum number of rows returned by iter(). The default is
None
, which behaves equivalently to show_limit=10000. This value must be between1
and10000
.
Examples
Using a role reference to list future grants to it:
>>> reference_role.iter_future_grants_to()
- iter_grants_of(show_limit: int | None = None) Iterator[GrantOf] ¶
List grants of this role.
Lists all users and roles to which the role has been granted.
- Parameters:
show_limit (int, optional) – Limit of the maximum number of rows returned by iter(). The default is
None
, which behaves equivalently to show_limit=10000. This value must be between1
and10000
.
Examples
Using a role reference to list grants of it:
>>> reference_role.iter_grants_of()
- iter_grants_on(show_limit: int | None = None) Iterator[GrantOn] ¶
List grants on this role.
Lists all privileges that have been granted on the role.
- Parameters:
show_limit (int, optional) – Limit of the maximum number of rows returned by iter(). The default is
None
, which behaves equivalently to show_limit=10000. This value must be between1
and10000
.
Examples
Using a role reference to list grants on it:
>>> reference_role.iter_grants_on()
- iter_grants_to(show_limit: int | None = None) Iterator[Grant] ¶
List grants to this role.
Lists all privileges and roles granted to the role.
- Parameters:
show_limit (int, optional) – Limit of the maximum number of rows returned by iter(). The default is
None
, which behaves equivalently to show_limit=10000. This value must be between1
and10000
.
Examples
Using a role reference to list grants to it:
>>> reference_role.iter_grants_to()
- revoke_future_privileges(privileges: List[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) None ¶
Revoke privileges on all future securables matching the criteria from this role.
- Parameters:
privileges (List[str]) – The list of privileges to be revoked.
securable_type (str) – The type of securable on which the privileges would be revoked.
containing_scope (ContainingScope) – The criteria to match the securables.
mode (DeleteMode, optional) –
One of the following enum values.
DeleteMode.restrict
: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.DeleteMode.cascade
: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.Default is None which is equivalent to
DeleteMode.restrict
.
Examples
Using a role reference to revoke privileges on all future schemas in a database from it:
>>> reference_role.revoke_future_privileges(["CREATE", "USAGE"], "schema", ContainingScope(database="test_db"))
- revoke_grant_option_for_future_privileges(privileges: List[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) None ¶
Revoke grant option for privileges on all future securables matching the criteria from this role.
- Parameters:
privileges (List[str]) – The list of privileges to be revoked.
securable_type (str) – The type of securable on which the privileges would be revoked.
containing_scope (ContainingScope) – The criteria to match the securables.
mode (DeleteMode, optional) –
One of the following enum values.
DeleteMode.restrict
: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.DeleteMode.cascade
: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.Default is None which is equivalent to
DeleteMode.restrict
.
Examples
Using a role reference to revoke grant option for privileges on all future schemas in a database from it:
>>> reference_role.revoke_grant_option_for_future_privileges(["CREATE", "USAGE"], "schema", ContainingScope(database="test_db"))
- revoke_grant_option_for_privileges(privileges: List[str], securable_type: str, securable: Securable | None = None, mode: DeleteMode | None = None) None ¶
Revoke grant option for privileges on a securable from this role.
- Parameters:
privileges (List[str]) – The list of privileges to be revoked.
securable_type (str) – The type of securable on which the privileges would be revoked.
securable (Securable, optional) – The securable on which the privileges would be revoked. Default is None.
mode (DeleteMode, optional) –
One of the following enum values.
DeleteMode.restrict
: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.DeleteMode.cascade
: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.Default is None which is equivalent to
DeleteMode.restrict
.
Examples
Using a role reference to revoke grant option for privileges from it:
>>> reference_role.revoke_grant_option_for_privileges(["CREATE", "USAGE"], "database", Securable(database="test_db"))
- revoke_grant_option_for_privileges_on_all(privileges: List[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) None ¶
Revoke grant option for privileges on all securables matching the criteria from this role.
- Parameters:
privileges (List[str]) – The list of privileges to be revoked.
securable_type (str) – The type of securable on which the privileges would be revoked.
containing_scope (ContainingScope) – The criteria to match the securables.
mode (DeleteMode, optional) –
One of the following enum values.
DeleteMode.restrict
: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.DeleteMode.cascade
: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.Default is None which is equivalent to
DeleteMode.restrict
.
Examples
Using a role reference to revoke grant option for privileges on all schemas in a database from it:
>>> reference_role.revoke_grant_option_for_privileges_on_all(["CREATE", "USAGE"], "schema", ContainingScope(database="test_db"))
- revoke_privileges(privileges: List[str], securable_type: str, securable: Securable | None = None, mode: DeleteMode | None = None) None ¶
Revoke privileges on a securable from this role.
- Parameters:
privileges (List[str]) – The list of privileges to be revoked.
securable_type (str) – The type of securable on which the privileges would be revoked.
securable (Securable, optional) – The securable on which the privileges would be revoked. Default is None.
mode (DeleteMode, optional) –
One of the following enum values.
DeleteMode.restrict
: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.DeleteMode.cascade
: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.Default is None which is equivalent to
DeleteMode.restrict
.
Examples
Using a role reference to revoke privileges from it:
>>> reference_role.revoke_privileges(["CREATE", "USAGE"], "database", Securable(database="test_db"))
- revoke_privileges_on_all(privileges: List[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) None ¶
Revoke privileges on all securables matching the criteria from this role.
- Parameters:
privileges (List[str]) – The list of privileges to be revoked.
securable_type (str) – The type of securable on which the privileges would be revoked.
containing_scope (ContainingScope) – The criteria to match the securables.
mode (DeleteMode, optional) –
One of the following enum values.
DeleteMode.restrict
: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.DeleteMode.cascade
: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.Default is None which is equivalent to
DeleteMode.restrict
.
Examples
Using a role reference to revoke privileges on all schemas in a database from it:
>>> reference_role.revoke_privileges_on_all(["CREATE", "USAGE"], "schema", ContainingScope(database="test_db"))
- revoke_role(role_type: str, role: Securable) None ¶
Revoke a role from this role.
- Parameters:
role_type (str) – The type of role which would be revoked.
role (Securable) – The role which would be revoked.
Examples
Using a role reference to revoke a role from it:
>>> reference_role.revoke("role", Securable(name="test_role"))