SHOW TAGS: Shared Tags Require the READ Privilege on the Tag¶

The behavior of the SHOW TAGS command with respect to data sharing is as follows:

Previously:

If a data sharing provider shares a schema that stores tags, the consumer can view all of the shared tags using a SHOW TAGS command provided that the role that executes the SHOW TAGS command has the required privileges to access the shared schema.

Currently:

As a consumer, to use the SHOW TAGS command to view shared tags, you must use a role that is granted the READ privilege on each tag. The READ privilege for a tag is new and is only applicable in a data sharing context.

The provider chooses how to grant the READ privilege on the tag to the share:

• Grant the READ privilege on each tag to the share directly.

  Copy codeExpand code block

  GRANT READ ON TAG mytag TO SHARE myshare;

  Show lessSee more

  Scroll to top

• Grant the READ privilege on the tag to a database role and grant the database role to the share.

  Copy codeExpand code block

  GRANT READ ON TAG mytag TO DATABASE ROLE mydb.dbrole;
  GRANT DATABASE ROLE mydb.dbrole TO SHARE myshare;

  Show lessSee more

  Scroll to top

The consumer:

• Creates a database from the share and grants privileges on the share to account roles (no changes).
• Grants the database role to an account role (if applicable, no changes).
• Uses SQL to execute the SHOW TAGS command.

To determine whether you have tags that are affected by the pending behavior, use these commands:

Copy codeExpand code block

SHOW TAGS IN shared_database;
SHOW TAGS IN shared_schema;

Show lessSee more

Scroll to top

Ref: 1196