SNOWFLAKE 数据库角色¶

当账户预置后，SNOWFLAKE 数据库自动导入。此数据库是 Snowflake 使用 Secure Data Sharing 为组织和账户提供对象元数据和其他使用指标的示例。

访问 SNOWFLAKE 数据库中的架构对象由不同的数据库角色所控制。以下部分描述了每个 SNOWFLAKE 数据库角色、其关联的权限以及该角色被授予访问权限的关联架构对象。

ACCOUNT_USAGE 架构¶

ACCOUNT_USAGE 架构有四个已定义的 SNOWFLAKE 数据库角色，每个角色均被授予特定视图的 SELECT 权限。

角色	目的和描述
OBJECT_VIEWER	OBJECT_VIEWER 角色提供对对象元数据的可见性。
USAGE_VIEWER	USAGE_VIEWER 角色提供对历史使用信息的可见性。
GOVERNANCE_VIEWER	GOVERNANCE_VIEWER 角色提供与数据治理相关的信息的可见性。
SECURITY_VIEWER	SECURITY_VIEWER 角色提供对基于安全的信息的可见性。

访问 ACCOUNT_USAGE 视图所需的数据库角色¶

OBJECT_VIEWER、USAGE_VIEWER、GOVERNANCE_VIEWER 和 SECURITY_VIEWER 角色具有 SELECT 权限查询 SNOWFLAKE 共享数据库中的 Account Usage 视图。使用下表来确定哪个数据库角色有权访问视图。

视图	数据库角色
ACCESS_HISTORY 视图	GOVERNANCE_VIEWER
AGGREGATE_ACCESS_HISTORY 视图	GOVERNANCE_VIEWER
AGGREGATE_QUERY_HISTORY 视图	GOVERNANCE_VIEWER
AGGREGATION_POLICIES 视图	GOVERNANCE_VIEWER
ANOMALIES_DAILY 视图	USAGE_VIEWER
APPLICATION_DAILY_USAGE_HISTORY 视图	USAGE_VIEWER
APPLICATION_SPECIFICATION_STATUS_HISTORY 视图	SECURITY_VIEWER
APPLICATION_SPECIFICATIONS 视图	SECURITY_VIEWER
AUTOMATIC_CLUSTERING_HISTORY 视图	USAGE_VIEWER
BLOCK_STORAGE_HISTORY 视图	USAGE_VIEWER
BLOCK_STORAGE_SNAPSHOTS view	OBJECT_VIEWER
CLASS_INSTANCES 视图	USAGE_VIEWER
CLASSES 视图	USAGE_VIEWER
COLUMN_QUERY_PRUNING_HISTORY 视图	USAGE_VIEWER
COLUMNS 视图	OBJECT_VIEWER
COMPLETE_TASK_GRAPHS 视图	OBJECT_VIEWER
CONTACT_REFERENCES 视图	GOVERNANCE_VIEWER
CONTACTS 视图	GOVERNANCE_VIEWER
COPY_FILES_HISTORY 视图	USAGE_VIEWER
COPY_HISTORY 视图	USAGE_VIEWER
CORTEX_ANALYST_USAGE_HISTORY 视图	USAGE_VIEWER
CORTEX_DOCUMENT_PROCESSING_USAGE_HISTORY 视图	USAGE_VIEWER
CORTEX_FINE_TUNING_USAGE_HISTORY 视图	USAGE_VIEWER
CORTEX_FUNCTIONS_QUERY_USAGE_HISTORY 视图	USAGE_VIEWER
CORTEX_FUNCTIONS_USAGE_HISTORY 视图	USAGE_VIEWER
CORTEX_SEARCH_DAILY_USAGE_HISTORY 视图	USAGE_VIEWER
CORTEX_PROVISIONED_THROUGHPUT_USAGE_HISTORY view	USAGE_VIEWER
CORTEX_SEARCH_SERVING_USAGE_HISTORY 视图	USAGE_VIEWER
CREDENTIALS 视图	SECURITY_VIEWER
DATA_CLASSIFICATION_LATEST 视图	GOVERNANCE_VIEWER
DATA_METRIC_FUNCTION_EXPECTATIONS 视图	USAGE_VIEWER 或 GOVERNANCE_VIEWER
DATA_METRIC_FUNCTION_REFERENCES 视图	USAGE_VIEWER 或 GOVERNANCE_VIEWER
DATA_QUALITY_MONITORING_USAGE_HISTORY 视图	USAGE_VIEWER
DATA_TRANSFER_HISTORY 视图	USAGE_VIEWER
DATABASE_STORAGE_USAGE_HISTORY 视图	USAGE_VIEWER
DATABASES 视图	OBJECT_VIEWER
DOCUMENT_AI_USAGE_HISTORY 视图	USAGE_VIEWER
DYNAMIC_TABLE_REFRESH_HISTORY 视图	USAGE_VIEWER
ELEMENT_TYPES 视图	OBJECT_VIEWER
EVENT_USAGE_HISTORY 视图	USAGE_VIEWER
EXTERNAL_ACCESS_HISTORY 视图	USAGE_VIEWER
FIELDS 视图	OBJECT_VIEWER
FILE_FORMATS 视图	OBJECT_VIEWER
FUNCTIONS 视图	OBJECT_VIEWER
GRANTS_TO_ROLES 视图	SECURITY_VIEWER
GRANTS_TO_USERS 视图	SECURITY_VIEWER
HYBRID_TABLE_USAGE_HISTORY 视图	USAGE_VIEWER
HYBRID_TABLES 视图	OBJECT_VIEWER
ICEBERG_STORAGE_OPTIMIZATION_HISTORY 视图	USAGE_VIEWER
INDEX_COLUMNS 视图	OBJECT_VIEWER
INDEXES 视图	OBJECT_VIEWER
INGRESS_NETWORK_ACCESS_HISTORY view	SECURITY_VIEWER
INTERNAL_DATA_TRANSFER_HISTORY 视图	USAGE_VIEWER
INTERNAL_STAGE_NETWORK_ACCESS_HISTORY view	SECURITY_VIEWER
JOIN_POLICIES 视图	GOVERNANCE_VIEWER
LOAD_HISTORY 视图	USAGE_VIEWER
LOGIN_HISTORY 视图	SECURITY_VIEWER
MASKING_POLICIES 视图	GOVERNANCE_VIEWER
MATERIALIZED_VIEW_REFRESH_HISTORY 视图	USAGE_VIEWER
METERING_DAILY_HISTORY 视图	USAGE_VIEWER
METERING_HISTORY 视图	USAGE_VIEWER
NETWORK_POLICIES 视图	SECURITY_VIEWER
NETWORK_RULE_REFERENCES 视图	SECURITY_VIEWER
NETWORK_RULES 视图	SECURITY_VIEWER
NOTEBOOKS_CONTAINER_RUNTIME_HISTORY 视图	USAGE_VIEWER
OBJECT_ACCESS_REQUEST_HISTORY 视图	OBJECT_VIEWER
OBJECT_DEPENDENCIES 视图	OBJECT_VIEWER
OPENFLOW_USAGE_HISTORY 视图	USAGE_VIEWER
OUTBOUND_PRIVATELINK_ENDPOINTS 视图	SECURITY_VIEWER
PASSWORD_POLICIES 视图	SECURITY_VIEWER
PIPE_USAGE_HISTORY 视图	USAGE_VIEWER
PIPES 视图	OBJECT_VIEWER
POLICY_REFERENCES 视图	GOVERNANCE_VIEWER、SECURITY_VIEWER
PRIVACY_BUDGETS 视图	GOVERNANCE_VIEWER
PRIVACY_POLICIES 视图	GOVERNANCE_VIEWER
PROCEDURES 视图	OBJECT_VIEWER
PROJECTION_POLICIES 视图	GOVERNANCE_VIEWER
QUERY_ACCELERATION_ELIGIBLE 视图	GOVERNANCE_VIEWER
QUERY_ATTRIBUTION_HISTORY 视图	USAGE_VIEWER、GOVERNANCE_VIEWER
QUERY_HISTORY 视图	GOVERNANCE_VIEWER
QUERY_INSIGHTS 视图	GOVERNANCE_VIEWER
REFERENTIAL_CONSTRAINTS 视图	OBJECT_VIEWER
REPLICATION_GROUP_REFRESH_HISTORY 视图	USAGE_VIEWER
REPLICATION_GROUP_USAGE_HISTORY 视图	USAGE_VIEWER
REPLICATION_GROUPS 视图	OBJECT_VIEWER
REPLICATION_USAGE_HISTORY 视图	USAGE_VIEWER
RESOURCE_MONITORS 视图	OBJECT_VIEWER
ROLES 视图	SECURITY_VIEWER
ROW_ACCESS_POLICIES 视图	GOVERNANCE_VIEWER
SCHEMATA 视图	OBJECT_VIEWER
SEARCH_OPTIMIZATION_BENEFITS 视图	USAGE_VIEWER
SEARCH_OPTIMIZATION_HISTORY 视图	USAGE_VIEWER
SECRETS 视图	SECURITY_VIEWER
SEMANTIC_DIMENSIONS 视图	OBJECT_VIEWER
SEMANTIC_FACTS 视图	OBJECT_VIEWER
SEMANTIC_METRICS 视图	OBJECT_VIEWER
SEMANTIC_RELATIONSHIPS 视图	OBJECT_VIEWER
SEMANTIC_TABLES 视图	OBJECT_VIEWER
SEMANTIC_VIEWS 视图	OBJECT_VIEWER
SEQUENCES 视图	OBJECT_VIEWER
SERVERLESS_ALERT_HISTORY 视图	USAGE_VIEWER
SERVERLESS_TASK_HISTORY 视图	USAGE_VIEWER
SERVICES 视图	OBJECT_VIEWER
SESSION_POLICIES 视图	SECURITY_VIEWER
SESSIONS 视图	SECURITY_VIEWER
SNAPSHOT_OPERATION_HISTORY view	OBJECT_VIEWER
SNAPSHOT_POLICIES view	OBJECT_VIEWER
SNAPSHOT_SETS view	OBJECT_VIEWER
SNAPSHOT_STORAGE_USAGE view	OBJECT_VIEWER
SNAPSHOTS view	OBJECT_VIEWER
SNOWPARK_CONTAINER_SERVICES_HISTORY 视图	USAGE_VIEWER
SNOWPIPE_STREAMING_CHANNEL_HISTORY 视图	USAGE_VIEWER
STAGE_STORAGE_USAGE_HISTORY 视图	USAGE_VIEWER
STAGES 视图	OBJECT_VIEWER
STORAGE_USAGE 视图	USAGE_VIEWER
TABLE_CONSTRAINTS 视图	OBJECT_VIEWER
TABLE_DML_HISTORY 视图	USAGE_VIEWER
TABLE_PRUNING_HISTORY 视图	USAGE_VIEWER
TABLE_QUERY_PRUNING_HISTORY 视图	USAGE_VIEWER
TABLE_STORAGE_METRICS 视图	USAGE_VIEWER
TABLES 视图	OBJECT_VIEWER
TAG_REFERENCES 视图	GOVERNANCE_VIEWER
TAGS 视图	OBJECT_VIEWER 或 GOVERNANCE_VIEWER
TASK_HISTORY 视图	USAGE_VIEWER
USERS 视图	SECURITY_VIEWER
VIEWS 视图	OBJECT_VIEWER
WAREHOUSE_EVENTS_HISTORY 视图	USAGE_VIEWER
WAREHOUSE_LOAD_HISTORY 视图	USAGE_VIEWER
WAREHOUSE_METERING_HISTORY 视图	USAGE_VIEWER

READER_ACCOUNT_USAGE 架构¶

READER_USAGE_VIEWER SNOWFLAKE 数据库角色已被授予所有 READER_ACCOUNT_USAGE 视图的 SELECT 权限。由于阅读者账户由客户创建，READER_USAGE_VIEWER 角色预计会被授予那些用于监控阅读者账户使用情况的角色。

视图
LOGIN_HISTORY 视图
QUERY_HISTORY 视图
RESOURCE_MONITORS 视图
STORAGE_USAGE 视图
WAREHOUSE_METERING_HISTORY 视图

ORGANIZATION_USAGE 架构¶

ORGANIZATION_USAGE_VIEWER、ORGANIZATION_BILLING_VIEWER 和 ORGANIZATION_ACCOUNTS_VIEWER SNOWFLAKE 数据库角色被授予共享 SNOWFLAKE 数据库中 Organization Usage 视图的 SELECT 权限。

视图	ORGANIZATION_BILLING_VIEWER 角色	ORGANIZATION_USAGE_VIEWER 角色	ORGANIZATION_ACCOUNTS_VIEWER 角色
ACCOUNTS 视图			✔
ANOMALIES_IN_CURRENCY_DAILY 视图	✔
CONTRACT_ITEMS 视图	✔
LISTING_AUTO_FULFILLMENT_USAGE_HISTORY 视图	✔
RATE_SHEET_DAILY 视图	✔
REMAINING_BALANCE_DAILY 视图	✔
USAGE_IN_CURRENCY_DAILY 视图	✔
MARKETPLACE_DISBURSEMENT_REPORT 视图	✔
DATA_TRANSFER_DAILY_HISTORY 视图		✔
DATA_TRANSFER_HISTORY 视图		✔
DATABASE_STORAGE_USAGE_HISTORY 视图		✔
AUTOMATIC_CLUSTERING_HISTORY 视图		✔
MARKETPLACE_PAID_USAGE_DAILY 视图		✔
MATERIALIZED_VIEW_REFRESH_HISTORY 视图		✔
METERING_DAILY_HISTORY 视图		✔
MONETIZED_USAGE_DAILY 视图		✔
PIPE_USAGE_HISTORY 视图		✔
QUERY_ACCELERATION_HISTORY 视图		✔
REPLICATION_GROUP_USAGE_HISTORY 视图		✔
REPLICATION_USAGE_HISTORY 视图		✔
SEARCH_OPTIMIZATION_HISTORY 视图		✔
STAGE_STORAGE_USAGE_HISTORY 视图		✔
STORAGE_DAILY_HISTORY 视图		✔
WAREHOUSE_METERING_HISTORY 视图		✔

CORE 架构¶

CORE_VIEWER SNOWFLAKE 数据库角色被授予包含共享 SNOWFLAKE 数据库的所有 Snowflake 账户中的 PUBLIC 角色。USAGE 权限被授予所有 Snowflake 定义的函数和 CORE 架构中的捆绑包。

预算类¶

BUDGET_CREATOR Snowflake 数据库角色被授予 SNOWFLAKE.CORE 架构和架构中的 BUDGET 类的 USAGE 权限。此授权允许拥有 BUDGET_CREATOR 角色的用户创建 BUDGET 类实例。

有关更多信息，请参阅创建自定义角色以创建预算。

标签对象¶

CORE_VIEWER 数据库角色被授予每个 Data Classification 系统标签的 APPLY 权限：SNOWFLAKE.CORE.PRIVACY_CATEGORY 和 SNOWFLAKE.CORE.SEMANTIC_CATEGORY。这些授权允许具有 CORE_VIEWER 数据库角色的用户将这些系统标签分配给列。

有关详细信息，请参阅：

ALERT 架构¶

ALERT_VIEWER SNOWFLAKE 数据库角色被授予在此架构中定义的函数的 USAGE 权限。

ML 架构¶

The ML_USER SNOWFLAKE database role is granted to the PUBLIC role in all Snowflake accounts that contain a shared SNOWFLAKE database and allows customers to access and use ML functions. Users must also have the USAGE privilege on the ML schema to call these functions.

MONITORING 架构¶

MONITORING_VIEWER 数据库角色具有 MONITORING 架构中所有视图的 SELECT 权限。

MONITORING_VIEWER 数据库角色被授予包含共享 SNOWFLAKE 数据库的所有 Snowflake 账户中的 PUBLIC 角色。

SNOWFLAKE.CLASSIFICATION_ADMIN 数据库角色¶

The SNOWFLAKE.CLASSIFICATION_ADMIN database role allows a data engineer or steward to create an instance of the CLASSIFICATION_PROFILE class. A classification profile is used to implement automatic sensitive data classification.

SNOWFLAKE.CORTEX_EMBED_USER database role¶

This SNOWFLAKE.CORTEX_USER database role is used to grant customers access to Snowflake Cortex embedding functions AI_EMBED, SNOWFLAKE.CORTEX.EMBED_768, and SNOWFLAKE.CORTEX_EMBED_TEXT_1024 without granting access to other Cortex features. Calling these embedding functions requires either the SNOWFLAKE.CORTEX_USER database role or the SNOWFLAKE.CORTEX_EMBED_USER database role. This role is not granted to any roles by default.

By default, this role is not granted to any roles. If you want users to have access to the embedding functions, grant this database role to appropriate roles. For details, see Cortex LLM Functions required privileges

SNOWFLAKE.CORTEX_USER database role¶

This SNOWFLAKE.CORTEX_USER database role is used to grant customers access to Snowflake Cortex features. By default, this role is granted to the PUBLIC role. The PUBLIC role is automatically granted to all users and roles, so this allows all users in your account to use Snowflake Cortex LLM functions.

If you don't want all users to have this privilege, you can revoke access from the PUBLIC role and grant access to specific roles. For details, see Cortex LLM Functions required privileges.

SNOWFLAKE.COPILOT_USER 数据库角色¶

The SNOWFLAKE.COPILOT_USER database role allows customers to access Snowflake Copilot features. Initially, this database role is granted to the PUBLIC role. The PUBLIC role is automatically granted to all users and roles, so this allows all users in your account to use Snowflake Copilot. If you want to limit access to Snowflake Copilot features, you can revoke access from the PUBLIC role and grant access to specific roles. For details, see 访问控制要求.

使用 SNOWFLAKE 数据库角色¶

管理员可以使用 GRANT DATABASE ROLE 将一个 SNOWFLAKE 数据库角色分配给另一个角色，然后可以将其授予用户。这将允许用户访问 SNOWFLAKE 数据库中的视图的特定子集。

In the following example a role is created which can be used to view SNOWFLAKE database object metadata, and does the following:

创建自定义角色。
将 OBJECT_VIEWER 角色授予自定义角色。
将自定义角色授予用户。

要创建并授予自定义角色，请执行以下操作：

使用将用于授予对对象元数据的访问权限的 CREATE ROLE，来创建 CAN_VIEWMD 角色。

只有拥有 USERADMIN 系统角色或更高角色的用户或拥有账户 CREATE ROLE 权限的其他角色才能创建角色。
```
CREATE ROLE CAN_VIEWMD COMMENT = 'This role can view metadata per SNOWFLAKE database role definitions';
```
Copy
将 OBJECT_VIEWER 角色授予 CAN_VIEWMD 角色。

只有拥有 OWNERSHIP 角色的用户可以授予 SNOWFLAKE 数据库角色。有关更多信息，请参阅 GRANT DATABASE ROLE。
```
GRANT DATABASE ROLE OBJECT_VIEWER TO ROLE CAN_VIEWMD;
```
Copy
将 CAN_VIEWMD 角色分配给用户 smith。

只有拥有 SECURITYADMIN 角色的用户可以将角色授予用户。有关其他选项，请参阅 GRANT ROLE。
```
GRANT ROLE CAN_VIEWMD TO USER smith;
```
Copy