grantRole

Grants a role to a user or to another role in Snowflake. Used to assign roles to users for access control or to create role hierarchies.

Note: Automatic rollback revokes the granted role.

Known limitation: This change type does not support database inspection features (snapshot, diff, diff-changelog, and generate-changelog commands).

Available attributes

| Attribute | Type | Description | Required |
| --- | --- | --- | --- |
| roleName | String | Name of the role to grant | Yes |
| toUser | String | Name of the user to grant the role to* | No |
| toRole | String | Name of the role to grant the role to* | No |

* Exactly one of toUser or toRole must be specified

<?xml version="1.0" encoding="UTF-8"?>
<databaseChangeLog
  xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
  xmlns:pro-snowflake="http://www.liquibase.org/xml/ns/pro-snowflake"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
    http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd
    http://www.liquibase.org/xml/ns/pro-snowflake
    http://www.liquibase.org/xml/ns/pro-snowflake/liquibase-pro-snowflake-latest.xsd">
  <!-- Grant role to user -->
  <changeSet id="grant-role-to-user" author="examples">
    <pro-snowflake:grantRole
      roleName="ANALYST_ROLE"
      toUser="JOHN_DOE"/>
  </changeSet>
  <!-- Grant role to role (role hierarchy) -->
  <changeSet id="grant-role-to-role" author="examples">
    <pro-snowflake:grantRole
      roleName="DATA_READER"
      toRole="ANALYST_ROLE"/>
  </changeSet>
</databaseChangeLog>
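
A pre-deployment review check for changelogs that use grantRole, added here as an example (it is not Liquibase code): it enforces the "exactly one of toUser or toRole" rule and resolves every role a user ends up holding through role-to-role grants, since a role granted to another role is inherited by that role's holders. The function name review_grants and the third changeSet in the sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

DBCL = "{http://www.liquibase.org/xml/ns/dbchangelog}"
SNOW = "{http://www.liquibase.org/xml/ns/pro-snowflake}"

# Constructed sample: the two changeSets from the page plus one invalid grant.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<databaseChangeLog
  xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
  xmlns:pro-snowflake="http://www.liquibase.org/xml/ns/pro-snowflake">
  <changeSet id="grant-role-to-user" author="examples">
    <pro-snowflake:grantRole roleName="ANALYST_ROLE" toUser="JOHN_DOE"/>
  </changeSet>
  <changeSet id="grant-role-to-role" author="examples">
    <pro-snowflake:grantRole roleName="DATA_READER" toRole="ANALYST_ROLE"/>
  </changeSet>
  <changeSet id="ambiguous-grant" author="examples">
    <pro-snowflake:grantRole roleName="DATA_READER" toUser="JOHN_DOE" toRole="ANALYST_ROLE"/>
  </changeSet>
</databaseChangeLog>"""


def review_grants(changelog_xml):
    """Return (errors, effective); effective maps each user to every role it can reach."""
    root = ET.fromstring(changelog_xml.encode("utf-8"))
    errors, user_roles, inherits = [], defaultdict(set), defaultdict(set)
    for change_set in root.iter(DBCL + "changeSet"):
        for grant in change_set.iter(SNOW + "grantRole"):
            role, user, parent = (grant.get(k) for k in ("roleName", "toUser", "toRole"))
            if not role:
                errors.append(f"{change_set.get('id')}: roleName is required")
            elif bool(user) == bool(parent):
                errors.append(f"{change_set.get('id')}: exactly one of toUser or toRole must be specified")
            elif user:
                user_roles[user].add(role)
            else:
                inherits[parent].add(role)  # the receiving role inherits the granted role
    effective = {}
    for user, direct in user_roles.items():
        seen, stack = set(), list(direct)
        while stack:  # walk the hierarchy; 'seen' stops cyclic grants from looping
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(inherits[r])
        effective[user] = seen
    return errors, effective
```

Invalid grants are reported and excluded from the resolved role sets, so the output reflects only the grants that satisfy the attribute rules.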