alterRoleTags
Sets or removes tags on an existing role in Snowflake.
Note: This change type does not support automatic rollback.
Attributes
You must specify one of the following attributes.
Attribute | Type | Description | Required |
|---|---|---|---|
roleName | String | Name of the role to alter | Yes |
ifExists | Boolean | If true, only alters if the role exists using `IF EXISTS` | No |
setTags | MapWrapper | Key-value pairs of tags to set on the role | No* |
unsetTags | List<UnsetTag> | List of tag names to remove from the role | No* |
<databaseChangeLog
xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
xmlns:pro-snowflake="http://www.liquibase.org/xml/ns/pro-snowflake"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd
http://www.liquibase.org/xml/ns/pro-snowflake
http://www.liquibase.org/xml/ns/pro-snowflake/liquibase-pro-snowflake-latest.xsd">
<changeSet id="set-role-tags" author="examples">
<!-- Create tags -->
<sql>CREATE TAG IF NOT EXISTS DEPARTMENT_TAG COMMENT = 'Department classification'</sql>
<sql>CREATE TAG IF NOT EXISTS SECURITY_LEVEL_TAG COMMENT = 'Security level classification'</sql>
<sql>CREATE TAG IF NOT EXISTS COST_CENTER_TAG COMMENT = 'Cost center identifier'</sql>
<!-- Create role -->
<sql>CREATE ROLE IF NOT EXISTS ANALYTICS_ROLE</sql>
<!-- Set tags - this is what we're testing -->
<pro-snowflake:alterRoleTags roleName="ANALYTICS_ROLE">
<pro-snowflake:setTags>
<pro-snowflake:entry key="DEPARTMENT_TAG" value="engineering"/>
<pro-snowflake:entry key="SECURITY_LEVEL_TAG" value="standard"/>
<pro-snowflake:entry key="COST_CENTER_TAG" value="CC-1234"/>
</pro-snowflake:setTags>
</pro-snowflake:alterRoleTags>
<rollback>
<pro-snowflake:alterRoleTags roleName="ANALYTICS_ROLE">
<pro-snowflake:unsetTags>
<pro-snowflake:unsetTag tagName="DEPARTMENT_TAG"/>
<pro-snowflake:unsetTag tagName="SECURITY_LEVEL_TAG"/>
<pro-snowflake:unsetTag tagName="COST_CENTER_TAG"/>
</pro-snowflake:unsetTags>
</pro-snowflake:alterRoleTags>
<sql>DROP ROLE IF EXISTS ANALYTICS_ROLE</sql>
<sql>DROP TAG IF EXISTS COST_CENTER_TAG</sql>
<sql>DROP TAG IF EXISTS SECURITY_LEVEL_TAG</sql>
<sql>DROP TAG IF EXISTS DEPARTMENT_TAG</sql>
</rollback>
</changeSet>
<changeSet id="unset-role-tags" author="examples">
<!-- Create tags -->
<sql>CREATE TAG IF NOT EXISTS TEAM_TAG COMMENT = 'Team identifier'</sql>
<sql>CREATE TAG IF NOT EXISTS PROJECT_TAG COMMENT = 'Project identifier'</sql>
<sql>CREATE TAG IF NOT EXISTS REGION_TAG COMMENT = 'Region identifier'</sql>
<!-- Create role with tags -->
<sql>
CREATE ROLE IF NOT EXISTS SERVICE_ACCOUNT_ROLE COMMENT = 'Service account role for API access';
ALTER ROLE SERVICE_ACCOUNT_ROLE SET TAG TEAM_TAG = 'backend', PROJECT_TAG = 'api-service', REGION_TAG = 'us-east';
</sql>
<!-- Unset tags - this is what we're testing -->
<pro-snowflake:alterRoleTags roleName="SERVICE_ACCOUNT_ROLE">
<pro-snowflake:unsetTags>
<pro-snowflake:unsetTag tagName="TEAM_TAG"/>
<pro-snowflake:unsetTag tagName="PROJECT_TAG"/>
<pro-snowflake:unsetTag tagName="REGION_TAG"/>
</pro-snowflake:unsetTags>
</pro-snowflake:alterRoleTags>
<rollback>
<pro-snowflake:alterRoleTags roleName="SERVICE_ACCOUNT_ROLE">
<pro-snowflake:setTags>
<pro-snowflake:entry key="TEAM_TAG" value="backend"/>
<pro-snowflake:entry key="PROJECT_TAG" value="api-service"/>
<pro-snowflake:entry key="REGION_TAG" value="us-east"/>
</pro-snowflake:setTags>
</pro-snowflake:alterRoleTags>
</rollback>
</changeSet>
</databaseChangeLog>