SAP® BDC Connect for Snowflake Zerocopy Connector — Security and Privileges
This topic describes the privileges required to create and manage a Zerocopy Connector and the catalog-linked databases created from it.
Access Control Requirements
A role used to execute this operation must have the following privileges at a minimum:
| Privilege | Object | Notes |
|---|---|---|
| CREATE ZEROCOPY CONNECTOR | Schema | Required to create a Zerocopy Connector. By default, the schema owner has this privilege. |
| OPERATE | Zerocopy Connector | Required to connect or disconnect (`ALTER ... CONNECT` / `ALTER ... DISCONNECT`) and to publish a data product (`SYSTEM$SAP_PUBLISH_DATA_PRODUCT`). |
| USAGE | Zerocopy Connector | Required to create a catalog-linked database from the connector (also requires CREATE DATABASE on the account) and to add or remove a share from the connector (also requires OWNERSHIP on the share). |
| MODIFY | Zerocopy Connector | Required to set or unset properties (`comment`, `share_back`, etc.). |
| MONITOR | Zerocopy Connector | Any privilege on the connector (e.g. MONITOR) is sufficient to describe the connector, show connectors, or list shares. |
| OWNERSHIP | Zerocopy Connector | Required to rename or drop the connector. |
| CREATE DATABASE | Account | Required to create a catalog-linked database from a Zerocopy Connector (also requires USAGE on the connector). |
For instructions on creating a custom role with a specified set of privileges, see Creating custom roles.
For general information about roles and privilege grants for performing SQL actions on securable objects, see Overview of Access Control.
Connector States
A Zerocopy Connector transitions through the following states. Understanding the state is important because some operations are only permitted in specific states.
| State | Description |
|---|---|
| NEW | Initial state after the connector is created. No connection has been attempted yet. |
| CONNECTING | A connection attempt is in progress. The connector enters this state immediately after `ALTER ... CONNECT` is issued. |
| CONNECTED | The connection is established. Catalog-linked databases can only be created when the connector is in this state. Sharing data between Snowflake and SAP® BDC is only allowed when the connector is in this state. |
| CONNECT_ERROR | The connection attempt failed. The error message is persisted on the connector. You can retry the connection from this state. |
| DISCONNECTING | A disconnection is in progress. The connector enters this state immediately after `ALTER ... DISCONNECT` is issued. |
| DISCONNECTED | The connection has been dropped. You can reconnect from this state. |
| DISCONNECT_ERROR | The disconnection attempt failed. The error message is persisted on the connector. |
| DELETED | The connector has been dropped. This state is permanent — Zerocopy Connectors do not support `UNDROP`. |
State Transition Rules
- `ALTER ... CONNECT` is permitted when the connector is in `NEW`, `CONNECT_ERROR`, or `DISCONNECTED` state.
- `ALTER ... DISCONNECT` is permitted when the connector is in `CONNECTED` or `DISCONNECT_ERROR` state.
  - Share-back must be disabled before disconnecting.
  - All catalog-linked databases created from the connector must be dropped before disconnecting.
- `DROP ZEROCOPY CONNECTOR` is permitted when the connector is in `NEW`, `CONNECT_ERROR`, `DISCONNECT_ERROR`, or `DISCONNECTED` state.
- Catalog-linked databases do not support `UNDROP`.
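
The privilege table and the state transition rules above can be combined into a single pre-flight check for runbooks or automation. The following Python sketch is an added example, not Snowflake or SAP code; the function name, operation labels, and parameters are hypothetical. It checks only privileges granted explicitly and does not model role hierarchy or any privileges implied by OWNERSHIP.

```python
# Added example: pre-flight check built from this page's privilege table and
# state transition rules. Function and parameter names are hypothetical.

# Operation -> connector states in which the page says it is permitted.
ALLOWED_STATES = {
    "CONNECT": {"NEW", "CONNECT_ERROR", "DISCONNECTED"},
    "DISCONNECT": {"CONNECTED", "DISCONNECT_ERROR"},
    "DROP": {"NEW", "CONNECT_ERROR", "DISCONNECT_ERROR", "DISCONNECTED"},
    "CREATE_LINKED_DATABASE": {"CONNECTED"},
}

# Operation -> (privileges required on the connector, on the account).
REQUIRED_PRIVS = {
    "CONNECT": ({"OPERATE"}, set()),
    "DISCONNECT": ({"OPERATE"}, set()),
    "DROP": ({"OWNERSHIP"}, set()),
    "CREATE_LINKED_DATABASE": ({"USAGE"}, {"CREATE DATABASE"}),
}


def preflight(op, state, connector_privs, account_privs=(),
              share_back_enabled=False, linked_databases=0):
    """Return the list of reasons `op` would be refused; empty means OK."""
    if op not in ALLOWED_STATES:
        raise ValueError(f"unknown operation: {op}")
    blockers = []
    if state not in ALLOWED_STATES[op]:
        blockers.append(f"state {state} does not permit {op}")
    need_conn, need_acct = REQUIRED_PRIVS[op]
    for priv in sorted(need_conn - set(connector_privs)):
        blockers.append(f"missing {priv} on connector")
    for priv in sorted(need_acct - set(account_privs)):
        blockers.append(f"missing {priv} on account")
    if op == "DISCONNECT":
        # Both preconditions from the state transition rules.
        if share_back_enabled:
            blockers.append("share-back must be disabled first")
        if linked_databases > 0:
            blockers.append("drop all catalog-linked databases first")
    return blockers


if __name__ == "__main__":
    # Constructed scenario: an operator role tries to disconnect a live connector.
    for reason in preflight("DISCONNECT", "CONNECTED", {"OPERATE"},
                            share_back_enabled=True, linked_databases=2):
        print("BLOCKED:", reason)
```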