snowflake.core.role.RoleResource

class snowflake.core.role.RoleResource(name: str, collection: RoleCollection)

Bases: ObjectReferenceMixin[RoleCollection]

Represents a reference to a Snowflake role.

With this role reference, you can delete roles.

Attributes

root

Methods

delete() None

The delete method is deprecated; use drop instead.

drop(if_exists: bool | None = None) None

Drop this role.

Parameters:

if_exists (bool, optional) – Check the existence of this role before dropping it. Default is None, which is equivalent to False.

Examples

Deleting a role using its reference:

>>> role_reference.drop()
Copy
grant_future_privileges(privileges: List[str], securable_type: str, containing_scope: ContainingScope, grant_option: bool | None = None) None

Grant privileges on all future securables matching the criteria to this role.

Parameters:
  • privileges (List[str]) – The list of privileges to be granted.

  • securable_type (str) – The type of securable on which the privileges would be granted.

  • containing_scope (ContainingScope) – The criteria to match the securables.

  • grant_option (bool, optional) – If True, the grantee can grant the privilege to others. Default is None which means False.

Examples

Using a role reference to grant privileges on all future schemas in a database to it:

>>> reference_role.grant_future_privileges(["CREATE", "USAGE"], "schema", ContainingScope(database="test_db"))
Copy
grant_privileges(privileges: List[str], securable_type: str, securable: Securable | None = None, grant_option: bool | None = None) None

Grant privileges on a securable to this role.

Parameters:
  • privileges (List[str]) – The list of privileges to be granted.

  • securable_type (str) – The type of securable on which the privileges would be granted.

  • securable (Securable, optional) – The securable on which the privileges would be granted. Default is None.

  • grant_option (bool, optional) – If True, the grantee can grant the privilege to others. Default is None which means False.

Examples

Using a role reference to grant privileges to it:

>>> reference_role.grant_privileges(["CREATE", "USAGE"], "database", Securable(database="test_db"))
Copy
grant_privileges_on_all(privileges: List[str], securable_type: str, containing_scope: ContainingScope, grant_option: bool | None = None) None

Grant privileges on all securables matching the criteria to this role.

Parameters:
  • privileges (List[str]) – The list of privileges to be granted.

  • securable_type (str) – The type of securable on which the privileges would be granted.

  • containing_scope (ContainingScope) – The criteria to match the securables.

  • grant_option (bool, optional) – If True, the grantee can grant the privilege to others. Default is None which means False.

Examples

Using a role reference to grant privileges on all schemas in a database to it:

>>> reference_role.grant_privileges_on_all(["CREATE", "USAGE"], "schema", ContainingScope(database="test_db"))
Copy
grant_role(role_type: str, role: Securable) None

Grant a role to this role.

Parameters:
  • role_type (str) – The type of role which would be granted.

  • role (Securable) – The role which would be granted.

Examples

Using a role reference to grant a role to it:

>>> reference_role.grant("role", Securable(name="test_role"))
Copy
iter_future_grants_to(show_limit: int | None = None) Iterator[Grant]

List future grants to this role.

Lists all privileges on new (i.e. future) objects of a specified type in a database or schema granted to the role.

Parameters:

show_limit (int, optional) – Limit of the maximum number of rows returned by iter(). The default is None, which behaves equivalently to show_limit=10000. This value must be between 1 and 10000.

Examples

Using a role reference to list future grants to it:

>>> reference_role.iter_future_grants_to()
Copy
iter_grants_of(show_limit: int | None = None) Iterator[GrantOf]

List grants of this role.

Lists all users and roles to which the role has been granted.

Parameters:

show_limit (int, optional) – Limit of the maximum number of rows returned by iter(). The default is None, which behaves equivalently to show_limit=10000. This value must be between 1 and 10000.

Examples

Using a role reference to list grants of it:

>>> reference_role.iter_grants_of()
Copy
iter_grants_on(show_limit: int | None = None) Iterator[GrantOn]

List grants on this role.

Lists all privileges that have been granted on the role.

Parameters:

show_limit (int, optional) – Limit of the maximum number of rows returned by iter(). The default is None, which behaves equivalently to show_limit=10000. This value must be between 1 and 10000.

Examples

Using a role reference to list grants on it:

>>> reference_role.iter_grants_on()
Copy
iter_grants_to(show_limit: int | None = None) Iterator[Grant]

List grants to this role.

Lists all privileges and roles granted to the role.

Parameters:

show_limit (int, optional) – Limit of the maximum number of rows returned by iter(). The default is None, which behaves equivalently to show_limit=10000. This value must be between 1 and 10000.

Examples

Using a role reference to list grants to it:

>>> reference_role.iter_grants_to()
Copy
revoke_future_privileges(privileges: List[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) None

Revoke privileges on all future securables matching the criteria from this role.

Parameters:
  • privileges (List[str]) – The list of privileges to be revoked.

  • securable_type (str) – The type of securable on which the privileges would be revoked.

  • containing_scope (ContainingScope) – The criteria to match the securables.

  • mode (DeleteMode, optional) –

    One of the following enum values.

    DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

    DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

    Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a role reference to revoke privileges on all future schemas in a database from it:

>>> reference_role.revoke_future_privileges(["CREATE", "USAGE"], "schema", ContainingScope(database="test_db"))
Copy
revoke_grant_option_for_future_privileges(privileges: List[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) None

Revoke grant option for privileges on all future securables matching the criteria from this role.

Parameters:
  • privileges (List[str]) – The list of privileges to be revoked.

  • securable_type (str) – The type of securable on which the privileges would be revoked.

  • containing_scope (ContainingScope) – The criteria to match the securables.

  • mode (DeleteMode, optional) –

    One of the following enum values.

    DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

    DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

    Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a role reference to revoke grant option for privileges on all future schemas in a database from it:

>>> reference_role.revoke_grant_option_for_future_privileges(["CREATE", "USAGE"], "schema", ContainingScope(database="test_db"))
Copy
revoke_grant_option_for_privileges(privileges: List[str], securable_type: str, securable: Securable | None = None, mode: DeleteMode | None = None) None

Revoke grant option for privileges on a securable from this role.

Parameters:
  • privileges (List[str]) – The list of privileges to be revoked.

  • securable_type (str) – The type of securable on which the privileges would be revoked.

  • securable (Securable, optional) – The securable on which the privileges would be revoked. Default is None.

  • mode (DeleteMode, optional) –

    One of the following enum values.

    DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

    DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

    Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a role reference to revoke grant option for privileges from it:

>>> reference_role.revoke_grant_option_for_privileges(["CREATE", "USAGE"], "database", Securable(database="test_db"))
Copy
revoke_grant_option_for_privileges_on_all(privileges: List[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) None

Revoke grant option for privileges on all securables matching the criteria from this role.

Parameters:
  • privileges (List[str]) – The list of privileges to be revoked.

  • securable_type (str) – The type of securable on which the privileges would be revoked.

  • containing_scope (ContainingScope) – The criteria to match the securables.

  • mode (DeleteMode, optional) –

    One of the following enum values.

    DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

    DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

    Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a role reference to revoke grant option for privileges on all schemas in a database from it:

>>> reference_role.revoke_grant_option_for_privileges_on_all(["CREATE", "USAGE"], "schema", ContainingScope(database="test_db"))
Copy
revoke_privileges(privileges: List[str], securable_type: str, securable: Securable | None = None, mode: DeleteMode | None = None) None

Revoke privileges on a securable from this role.

Parameters:
  • privileges (List[str]) – The list of privileges to be revoked.

  • securable_type (str) – The type of securable on which the privileges would be revoked.

  • securable (Securable, optional) – The securable on which the privileges would be revoked. Default is None.

  • mode (DeleteMode, optional) –

    One of the following enum values.

    DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

    DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

    Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a role reference to revoke privileges from it:

>>> reference_role.revoke_privileges(["CREATE", "USAGE"], "database", Securable(database="test_db"))
Copy
revoke_privileges_on_all(privileges: List[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) None

Revoke privileges on all securables matching the criteria from this role.

Parameters:
  • privileges (List[str]) – The list of privileges to be revoked.

  • securable_type (str) – The type of securable on which the privileges would be revoked.

  • containing_scope (ContainingScope) – The criteria to match the securables.

  • mode (DeleteMode, optional) –

    One of the following enum values.

    DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

    DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

    Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a role reference to revoke privileges on all schemas in a database from it:

>>> reference_role.revoke_privileges_on_all(["CREATE", "USAGE"], "schema", ContainingScope(database="test_db"))
Copy
revoke_role(role_type: str, role: Securable) None

Revoke a role from this role.

Parameters:
  • role_type (str) – The type of role which would be revoked.

  • role (Securable) – The role which would be revoked.

Examples

Using a role reference to revoke a role from it:

>>> reference_role.revoke("role", Securable(name="test_role"))
Copy
Language: English