grantPrivilegeToShare

Grants a privilege on a database object to a Snowflake share. This allows the share to access the specified object with the granted privilege.

Note: Automatic rollback revokes the granted privilege.

Known limitation: This change type does not support database inspection features (snapshot, diff, diff-changelog, and generate-changelog commands).

Available attributes

Attribute	Type	Description	Required
`shareName`	String	Name of the share to grant the privilege to	Yes
`objectType`	String	Type of object to grant privilege on*	Yes
`objectName`	String	Name of the object to grant privilege on	Yes
`catalogName`	String	Name of the catalog (database) containing the object**	No
`schemaName`	String	Name of the schema containing the object***	No
`privilege`	String	Privilege to grant (see table below)	Yes

* Supported types: DATABASE, SCHEMA, TABLE, EXTERNAL_TABLE, ICEBERG_TABLE, DYNAMIC_TABLE, VIEW, FUNCTION, TAG, SEMANTIC_VIEW

** Cannot be specified for DATABASE type.

*** Cannot be specified for DATABASE or SCHEMA types.

Privileges by object type

Object type	Valid privileges
DATABASE	USAGE, REFERENCE_USAGE
SCHEMA	USAGE
TABLE	SELECT, EVOLVE SCHEMA
EXTERNAL_TABLE	SELECT
ICEBERG_TABLE	SELECT
DYNAMIC_TABLE	SELECT
VIEW	SELECT
FUNCTION	USAGE
TAG	READ
SEMANTIC_VIEW	REFERENCES

Prerequisites

Before granting privileges on database objects to a share, you must first grant USAGE privilege on the database:

GRANT USAGE ON DATABASE database_name TO SHARE share_name;

<?xml version="1.0" encoding="UTF-8"?>
<databaseChangeLog
  xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
  xmlns:pro-snowflake="http://www.liquibase.org/xml/ns/pro-snowflake"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
        http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd
        http://www.liquibase.org/xml/ns/pro-snowflake
        http://www.liquibase.org/xml/ns/pro-snowflake/liquibase-pro-snowflake-latest.xsd">
  <!-- Grant USAGE on database -->
  <changeSet id="grant-database-usage" author="examples">
    <pro-snowflake:grantPrivilegeToShare
                shareName="MY_SHARE"
                objectType="DATABASE"
                objectName="MY_DATABASE"
                privilege="USAGE"/>
  </changeSet>
  <!-- Grant USAGE on schema -->
  <changeSet id="grant-schema-usage" author="examples">
    <pro-snowflake:grantPrivilegeToShare
                shareName="MY_SHARE"
                objectType="SCHEMA"
                objectName="PUBLIC"
                catalogName="MY_DATABASE"
                privilege="USAGE"/>
  </changeSet>
  <!-- Grant SELECT on table -->
  <changeSet id="grant-table-select" author="examples">
    <pro-snowflake:grantPrivilegeToShare
                shareName="MY_SHARE"
                objectType="TABLE"
                objectName="CUSTOMERS"
                catalogName="MY_DATABASE"
                schemaName="PUBLIC"
                privilege="SELECT"/>
  </changeSet>
  <!-- Grant SELECT on view -->
  <changeSet id="grant-view-select" author="examples">
    <pro-snowflake:grantPrivilegeToShare
                shareName="MY_SHARE"
                objectType="VIEW"
                objectName="CUSTOMER_SUMMARY"
                catalogName="MY_DATABASE"
                schemaName="PUBLIC"
                privilege="SELECT"/>
  </changeSet>
</databaseChangeLog>

<?xml version="1.0" encoding="UTF-8"?>
<databaseChangeLog
  xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
  xmlns:pro-snowflake="http://www.liquibase.org/xml/ns/pro-snowflake"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
        http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd
        http://www.liquibase.org/xml/ns/pro-snowflake
        http://www.liquibase.org/xml/ns/pro-snowflake/liquibase-pro-snowflake-latest.xsd">
  <!-- Grant USAGE on database -->
  <changeSet id="grant-database-usage" author="examples">
    <pro-snowflake:grantPrivilegeToShare
                shareName="MY_SHARE"
                objectType="DATABASE"
                objectName="MY_DATABASE"
                privilege="USAGE"/>
  </changeSet>
  <!-- Grant USAGE on schema -->
  <changeSet id="grant-schema-usage" author="examples">
    <pro-snowflake:grantPrivilegeToShare
                shareName="MY_SHARE"
                objectType="SCHEMA"
                objectName="PUBLIC"
                catalogName="MY_DATABASE"
                privilege="USAGE"/>
  </changeSet>
  <!-- Grant SELECT on table -->
  <changeSet id="grant-table-select" author="examples">
    <pro-snowflake:grantPrivilegeToShare
                shareName="MY_SHARE"
                objectType="TABLE"
                objectName="CUSTOMERS"
                catalogName="MY_DATABASE"
                schemaName="PUBLIC"
                privilege="SELECT"/>
  </changeSet>
  <!-- Grant SELECT on view -->
  <changeSet id="grant-view-select" author="examples">
    <pro-snowflake:grantPrivilegeToShare
                shareName="MY_SHARE"
                objectType="VIEW"
                objectName="CUSTOMER_SUMMARY"
                catalogName="MY_DATABASE"
                schemaName="PUBLIC"
                privilege="SELECT"/>
  </changeSet>
</databaseChangeLog>