From 32396db40d42ac7d281ec1def3fd7558e4383f46 Mon Sep 17 00:00:00 2001 From: Agnes Kiss Date: Thu, 17 Aug 2023 15:49:21 +0100 Subject: [PATCH 01/40] Add more warehouses to database permissions --- .../docs/faqs/Warehouse/database-privileges.md | 4 ++-- .../databricks-permissions.md | 17 +++++++++++++++++ .../postgres-permissions.md | 18 ++++++++++++++++++ .../redshift-permissions.md | 18 ++++++++++++++++++ .../snowflake-permissions.md | 0 website/docs/reference/references-overview.md | 18 ++++++++++++++++++ website/sidebars.js | 7 ++++++- 7 files changed, 79 insertions(+), 3 deletions(-) create mode 100644 website/docs/reference/database-permissions/databricks-permissions.md create mode 100644 website/docs/reference/database-permissions/postgres-permissions.md create mode 100644 website/docs/reference/database-permissions/redshift-permissions.md rename website/docs/reference/{ => database-permissions}/snowflake-permissions.md (100%) diff --git a/website/docs/faqs/Warehouse/database-privileges.md b/website/docs/faqs/Warehouse/database-privileges.md index 73e0549f130..692b67f4e0a 100644 --- a/website/docs/faqs/Warehouse/database-privileges.md +++ b/website/docs/faqs/Warehouse/database-privileges.md @@ -12,8 +12,8 @@ schema¹ * read system views to generate documentation (i.e. views in `information_schema`) -On Postgres, Redshift, and Snowflake, use a series of `grants` to ensure that -your user has the correct privileges. +On Postgres, Redshift, Databricks, and Snowflake, use a series of `grants` to ensure that +your user has the correct privileges. Check out [example permissions](/reference/database-permissions/snowflake-permissions) for these warehouses. On BigQuery, use the "BigQuery User" role to assign these privileges. diff --git a/website/docs/reference/database-permissions/databricks-permissions.md b/website/docs/reference/database-permissions/databricks-permissions.md new file mode 100644 index 00000000000..14b24355d8a --- /dev/null +++ b/website/docs/reference/database-permissions/databricks-permissions.md @@ -0,0 +1,17 @@ +--- +title: "Databricks Permissions" +--- + +## Example Databricks permissions + +``` +-- NOTE: in general permissions can be granted on securable_objects to +principals (can be user, service principal, or group) +-- e.g.: grant privilege_type on securable_object to principal + +grant all privileges on schema schema_name to principal; +grant create table on schema schema_name to principal; +grant create view on schema schema_name to principal; +``` + +Check out the [Official Documentation](https://docs.databricks.com/en/data-governance/unity-catalog/manage-privileges/privileges.html#privilege-types-by-securable-object-in-unity-catalog) for more information. diff --git a/website/docs/reference/database-permissions/postgres-permissions.md b/website/docs/reference/database-permissions/postgres-permissions.md new file mode 100644 index 00000000000..bbab2fe5f4f --- /dev/null +++ b/website/docs/reference/database-permissions/postgres-permissions.md @@ -0,0 +1,18 @@ +--- +title: "Postgres Permissions" +--- + +## Example Postgres permissions + +``` +grant usage on database database_name to user_name; +grant create schema on database database_name to user_name; +grant usage on schema database.schema_name to user_name; +grant create table on schema database.schema_name to user_name; +grant create view on schema database.schema_name to user_name; +grant usage on all schemas in database database_name to user_name; +grant select on all tables in database database_name to user_name; +grant select on all views in database database_name to user_name; +``` + +Check out the [Official Documentation](https://www.postgresql.org/docs/current/sql-grant.html) for more information. diff --git a/website/docs/reference/database-permissions/redshift-permissions.md b/website/docs/reference/database-permissions/redshift-permissions.md new file mode 100644 index 00000000000..4c8dc59d723 --- /dev/null +++ b/website/docs/reference/database-permissions/redshift-permissions.md @@ -0,0 +1,18 @@ +--- +title: "Redshift Permissions" +--- + +## Example Redshift permissions + +``` +grant usage on database database_name to user_name; +grant create schema on database database_name to user_name; +grant usage on schema database.schema_name to user_name; +grant create table on schema database.schema_name to user_name; +grant create view on schema database.schema_name to user_name; +grant usage on all schemas in database database_name to user_name; +grant select on all tables in database database_name to user_name; +grant select on all views in database database_name to user_name; +``` + +Check out the [Official Documentation](https://docs.aws.amazon.com/redshift/latest/dg/r_GRANT.html) for more information. diff --git a/website/docs/reference/snowflake-permissions.md b/website/docs/reference/database-permissions/snowflake-permissions.md similarity index 100% rename from website/docs/reference/snowflake-permissions.md rename to website/docs/reference/database-permissions/snowflake-permissions.md diff --git a/website/docs/reference/references-overview.md b/website/docs/reference/references-overview.md index 16afd01607c..263d0f606ec 100644 --- a/website/docs/reference/references-overview.md +++ b/website/docs/reference/references-overview.md @@ -54,4 +54,22 @@ Learn how to add more configurations to your dbt project or adapter, use propert link="/reference/snowflake-permissions" icon="computer"/> + + + + + + diff --git a/website/sidebars.js b/website/sidebars.js index e319f4d49bf..5a527e1a06c 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -871,7 +871,12 @@ const sidebarSettings = { { type: "category", label: "Database Permissions", - items: ["reference/snowflake-permissions"], + items: [ + "reference/database-permissions/snowflake-permissions", + "reference/database-permissions/databricks-permissions", + "reference/database-permissions/redshift-permissions", + "reference/database-permissions/postgres-permissions", + ], }, ], guides: [ From 081512e0461453c089426b25a9cbdb6943774617 Mon Sep 17 00:00:00 2001 From: Agnes Kiss Date: Thu, 17 Aug 2023 16:53:18 +0100 Subject: [PATCH 02/40] Fix broken links --- .../docs/cloud/connect-data-platform/connect-snowflake.md | 2 +- website/docs/reference/references-overview.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md b/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md index 4f31c56e8aa..6cff28ae584 100644 --- a/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md +++ b/website/docs/docs/cloud/connect-data-platform/connect-snowflake.md @@ -15,7 +15,7 @@ The following fields are required when creating a Snowflake connection | Warehouse | The virtual warehouse to use for running queries. | `transforming` | -**Note:** A crucial part of working with dbt atop Snowflake is ensuring that users (in development environments) and/or service accounts (in deployment to production environments) have the correct permissions to take actions on Snowflake! Here is documentation of some [example permissions to configure Snowflake access](/reference/snowflake-permissions). +**Note:** A crucial part of working with dbt atop Snowflake is ensuring that users (in development environments) and/or service accounts (in deployment to production environments) have the correct permissions to take actions on Snowflake! Here is documentation of some [example permissions to configure Snowflake access](/reference/database-permissions/snowflake-permissions). ### Username / Password diff --git a/website/docs/reference/references-overview.md b/website/docs/reference/references-overview.md index 263d0f606ec..37d80104277 100644 --- a/website/docs/reference/references-overview.md +++ b/website/docs/reference/references-overview.md @@ -51,25 +51,25 @@ Learn how to add more configurations to your dbt project or adapter, use propert From d0c8aaf4d84ce7efc3f0eb6d9cef980427202151 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Mon, 25 Sep 2023 15:44:07 +0100 Subject: [PATCH 03/40] Update website/docs/reference/database-permissions/databricks-permissions.md --- .../reference/database-permissions/databricks-permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/reference/database-permissions/databricks-permissions.md b/website/docs/reference/database-permissions/databricks-permissions.md index 14b24355d8a..5bfe1c9252a 100644 --- a/website/docs/reference/database-permissions/databricks-permissions.md +++ b/website/docs/reference/database-permissions/databricks-permissions.md @@ -14,4 +14,4 @@ grant create table on schema schema_name to principal; grant create view on schema schema_name to principal; ``` -Check out the [Official Documentation](https://docs.databricks.com/en/data-governance/unity-catalog/manage-privileges/privileges.html#privilege-types-by-securable-object-in-unity-catalog) for more information. +Check out the [official documentation](https://docs.databricks.com/en/data-governance/unity-catalog/manage-privileges/privileges.html#privilege-types-by-securable-object-in-unity-catalog) for more information. From 2fd5835cf8a7aaf7ed87cdb416528dd23ba71ef8 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Mon, 25 Sep 2023 15:54:10 +0100 Subject: [PATCH 04/40] Update website/docs/reference/database-permissions/redshift-permissions.md --- .../docs/reference/database-permissions/redshift-permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/reference/database-permissions/redshift-permissions.md b/website/docs/reference/database-permissions/redshift-permissions.md index 4c8dc59d723..f173e2584d4 100644 --- a/website/docs/reference/database-permissions/redshift-permissions.md +++ b/website/docs/reference/database-permissions/redshift-permissions.md @@ -15,4 +15,4 @@ grant select on all tables in database database_name to user_name; grant select on all views in database database_name to user_name; ``` -Check out the [Official Documentation](https://docs.aws.amazon.com/redshift/latest/dg/r_GRANT.html) for more information. +Check out the [official documentation](https://docs.aws.amazon.com/redshift/latest/dg/r_GRANT.html) for more information. From 92392ff7d587ab2eabae138787552ec0673b0770 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Mon, 25 Sep 2023 15:54:32 +0100 Subject: [PATCH 05/40] Update website/docs/reference/database-permissions/postgres-permissions.md --- .../docs/reference/database-permissions/postgres-permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/reference/database-permissions/postgres-permissions.md b/website/docs/reference/database-permissions/postgres-permissions.md index bbab2fe5f4f..24bb91317cc 100644 --- a/website/docs/reference/database-permissions/postgres-permissions.md +++ b/website/docs/reference/database-permissions/postgres-permissions.md @@ -15,4 +15,4 @@ grant select on all tables in database database_name to user_name; grant select on all views in database database_name to user_name; ``` -Check out the [Official Documentation](https://www.postgresql.org/docs/current/sql-grant.html) for more information. +Check out the [official documentation](https://www.postgresql.org/docs/current/sql-grant.html) for more information. From 0ba6076767441caf76ada81eef8f4c5333fa0e8a Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Mon, 25 Sep 2023 15:55:07 +0100 Subject: [PATCH 06/40] Update website/docs/reference/references-overview.md --- website/docs/reference/references-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/reference/references-overview.md b/website/docs/reference/references-overview.md index 37d80104277..40688b2ee65 100644 --- a/website/docs/reference/references-overview.md +++ b/website/docs/reference/references-overview.md @@ -49,7 +49,7 @@ Learn how to add more configurations to your dbt project or adapter, use propert icon="computer"/> From d5b0f093fd4592fa3d19eb846e601a5ec766beb2 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Mon, 25 Sep 2023 15:55:23 +0100 Subject: [PATCH 07/40] Update website/docs/reference/references-overview.md --- website/docs/reference/references-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/reference/references-overview.md b/website/docs/reference/references-overview.md index 40688b2ee65..d967cff4e81 100644 --- a/website/docs/reference/references-overview.md +++ b/website/docs/reference/references-overview.md @@ -55,7 +55,7 @@ Learn how to add more configurations to your dbt project or adapter, use propert icon="computer"/> From 327f3e95fff64d68b36ac11664b7b209738ae3af Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Mon, 25 Sep 2023 15:55:41 +0100 Subject: [PATCH 08/40] Update website/docs/reference/references-overview.md --- website/docs/reference/references-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/reference/references-overview.md b/website/docs/reference/references-overview.md index d967cff4e81..cf3cb909a62 100644 --- a/website/docs/reference/references-overview.md +++ b/website/docs/reference/references-overview.md @@ -67,7 +67,7 @@ Learn how to add more configurations to your dbt project or adapter, use propert icon="computer"/> From a8718ee6132fc4555775764ab995b0b3c43bc5a7 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Mon, 25 Sep 2023 15:55:57 +0100 Subject: [PATCH 09/40] Update website/docs/reference/references-overview.md --- website/docs/reference/references-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/reference/references-overview.md b/website/docs/reference/references-overview.md index cf3cb909a62..8a30df0127a 100644 --- a/website/docs/reference/references-overview.md +++ b/website/docs/reference/references-overview.md @@ -61,7 +61,7 @@ Learn how to add more configurations to your dbt project or adapter, use propert icon="computer"/> From 864d2151a803c9006958b2989b1f12d11626842b Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Tue, 31 Oct 2023 16:46:31 +0000 Subject: [PATCH 10/40] Create about-database-permissions.md add landing page --- .../about-database-permissions.md | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 website/docs/reference/database-permissions/about-database-permissions.md diff --git a/website/docs/reference/database-permissions/about-database-permissions.md b/website/docs/reference/database-permissions/about-database-permissions.md new file mode 100644 index 00000000000..c348fa23748 --- /dev/null +++ b/website/docs/reference/database-permissions/about-database-permissions.md @@ -0,0 +1,26 @@ +--- +title: "Database permissions" +id: about-database-permissions +description: "Database permissions are access rights and privileges granted to users or roles within a database management system." +sidebar_label: "About database permissions" +--- + + + +Database permissions are access rights and privileges granted to users or roles within a database or data platform. They help you specify what actions users or roles can perform on various database objects, like tables, views, schemas, or even the entire database. + +ARE THEY DIFF FROM MODEL GOVERNANCE BC CONTROLS THE DATABASE PERMISSIONS? + +## Why are they useful + +- Database permissions are essential for security and data access control. +- They ensure that only authorized users can perform specific actions. +- They help maintain data integrity, prevent unauthorized changes, and limit exposure to sensitive data. +- Permissions also support compliance with data privacy regulations and auditing. + +## How to use them + +- Users and administrators can grant and manage permissions using SQL statements or through the database system's interface. +- Assign permissions to individual users or roles (groups of users) based on their responsibilities. + - Typical permissions include "SELECT" (read), "INSERT" (add data), "UPDATE" (modify data), "DELETE" (remove data), and administrative rights like "CREATE" and "DROP." +- Users should be assigned permissions that ensure they have the necessary access to perform their tasks without overextending privileges. From 385bcdbed8b32d66db24536749f574ba8c1e3034 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Tue, 31 Oct 2023 16:50:51 +0000 Subject: [PATCH 11/40] Update about-database-permissions.md --- .../about-database-permissions.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/website/docs/reference/database-permissions/about-database-permissions.md b/website/docs/reference/database-permissions/about-database-permissions.md index c348fa23748..2f7cf44899d 100644 --- a/website/docs/reference/database-permissions/about-database-permissions.md +++ b/website/docs/reference/database-permissions/about-database-permissions.md @@ -5,8 +5,6 @@ description: "Database permissions are access rights and privileges granted to u sidebar_label: "About database permissions" --- - - Database permissions are access rights and privileges granted to users or roles within a database or data platform. They help you specify what actions users or roles can perform on various database objects, like tables, views, schemas, or even the entire database. ARE THEY DIFF FROM MODEL GOVERNANCE BC CONTROLS THE DATABASE PERMISSIONS? @@ -24,3 +22,12 @@ ARE THEY DIFF FROM MODEL GOVERNANCE BC CONTROLS THE DATABASE PERMISSIONS? - Assign permissions to individual users or roles (groups of users) based on their responsibilities. - Typical permissions include "SELECT" (read), "INSERT" (add data), "UPDATE" (modify data), "DELETE" (remove data), and administrative rights like "CREATE" and "DROP." - Users should be assigned permissions that ensure they have the necessary access to perform their tasks without overextending privileges. + +## Examples + +For more info on examples and how to setup database permissions, refer to the following database permission pages: + +- [Databricks](/reference/database-permissions/databricks-permissions) +- [Postgres](/reference/database-permissions/postgres-permissions) +- [Redshift](/reference/database-permissions/redshift-permissions) +- [Snowflake](/reference/database-permissions/snowflake-permissions) From 14691d83921c8fa8b46c42ff42bb9bab7d2aa0e4 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Tue, 31 Oct 2023 16:54:52 +0000 Subject: [PATCH 12/40] Update snowflake-permissions.md --- .../database-permissions/snowflake-permissions.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/website/docs/reference/database-permissions/snowflake-permissions.md b/website/docs/reference/database-permissions/snowflake-permissions.md index 6a469d12230..500a0844a95 100644 --- a/website/docs/reference/database-permissions/snowflake-permissions.md +++ b/website/docs/reference/database-permissions/snowflake-permissions.md @@ -1,12 +1,16 @@ --- -title: "Snowflake Permissions" +title: "Snowflake permissions" --- +In Snowflake, permissions are used to control who can perform certain actions on different database objects. Use SQL statements to manage permissions in a Snowflake database. + ## Example Snowflake permissions +The following example provides you with the SQL statements you can use to manage permissions. + +**Notes that `warehouse_name`, `database_name`, and `role_name` are placeholders and you can replace them as-needed for your organization's naming convention. + ``` --- NOTE: warehouse_name, database_name, and role_name are placeholders! --- Replace as-needed for your organization's naming convention! grant all on warehouse warehouse_name to role role_name; grant usage on database database_name to role role_name; @@ -23,3 +27,5 @@ grant monitor on all schemas in database database_name to role role_name; grant select on all tables in database database_name to role role_name; grant select on all views in database database_name to role role_name; ``` + +For more info on the privileges how to set up your Snowflake account, refer to [this Discourse article](https://discourse.getdbt.com/t/setting-up-snowflake-the-exact-grant-statements-we-run/439). From 9ef7714151250158db5a9c1f34a9b5a495d121b3 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Tue, 31 Oct 2023 16:57:25 +0000 Subject: [PATCH 13/40] Update databricks-permissions.md --- .../database-permissions/databricks-permissions.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/website/docs/reference/database-permissions/databricks-permissions.md b/website/docs/reference/database-permissions/databricks-permissions.md index 5bfe1c9252a..99c1d054751 100644 --- a/website/docs/reference/database-permissions/databricks-permissions.md +++ b/website/docs/reference/database-permissions/databricks-permissions.md @@ -1,9 +1,15 @@ --- -title: "Databricks Permissions" +title: "Databricks permissions" --- +In Databricks, permissions are used to control who can perform certain actions on different database objects. Use SQL statements to manage permissions in a Databricks database. + ## Example Databricks permissions +The following example provides you with the SQL statements you can use to manage permissions. + +**Note that you can grant permissions on `securable_objects` to `principals` (This can be user, service principal, or group). For example, `grant privilege_type` on `securable_object` to `principal`. + ``` -- NOTE: in general permissions can be granted on securable_objects to principals (can be user, service principal, or group) From 6ff0cd34be99eecba6c26b78e7ffcd58bf3e2abe Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Tue, 31 Oct 2023 16:57:42 +0000 Subject: [PATCH 14/40] Update databricks-permissions.md --- .../reference/database-permissions/databricks-permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/reference/database-permissions/databricks-permissions.md b/website/docs/reference/database-permissions/databricks-permissions.md index 99c1d054751..8183fc9473e 100644 --- a/website/docs/reference/database-permissions/databricks-permissions.md +++ b/website/docs/reference/database-permissions/databricks-permissions.md @@ -8,7 +8,7 @@ In Databricks, permissions are used to control who can perform certain actions o The following example provides you with the SQL statements you can use to manage permissions. -**Note that you can grant permissions on `securable_objects` to `principals` (This can be user, service principal, or group). For example, `grant privilege_type` on `securable_object` to `principal`. +**Note** that you can grant permissions on `securable_objects` to `principals` (This can be user, service principal, or group). For example, `grant privilege_type` on `securable_object` to `principal`. ``` -- NOTE: in general permissions can be granted on securable_objects to From bcd6cc130a0c904b96532936b959639760e475a3 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Tue, 31 Oct 2023 16:57:57 +0000 Subject: [PATCH 15/40] Update snowflake-permissions.md --- .../reference/database-permissions/snowflake-permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/reference/database-permissions/snowflake-permissions.md b/website/docs/reference/database-permissions/snowflake-permissions.md index 500a0844a95..507202d4d71 100644 --- a/website/docs/reference/database-permissions/snowflake-permissions.md +++ b/website/docs/reference/database-permissions/snowflake-permissions.md @@ -8,7 +8,7 @@ In Snowflake, permissions are used to control who can perform certain actions on The following example provides you with the SQL statements you can use to manage permissions. -**Notes that `warehouse_name`, `database_name`, and `role_name` are placeholders and you can replace them as-needed for your organization's naming convention. +**Note** that `warehouse_name`, `database_name`, and `role_name` are placeholders and you can replace them as-needed for your organization's naming convention. ``` From 8c8140d95f11230f39f321673c692ae4a5454f92 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Tue, 31 Oct 2023 16:59:29 +0000 Subject: [PATCH 16/40] Update postgres-permissions.md --- .../reference/database-permissions/postgres-permissions.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/website/docs/reference/database-permissions/postgres-permissions.md b/website/docs/reference/database-permissions/postgres-permissions.md index 24bb91317cc..3de71d14b77 100644 --- a/website/docs/reference/database-permissions/postgres-permissions.md +++ b/website/docs/reference/database-permissions/postgres-permissions.md @@ -2,8 +2,15 @@ title: "Postgres Permissions" --- + +In Postgres, permissions are used to control who can perform certain actions on different database objects. Use SQL statements to manage permissions in a Databricks database. + ## Example Postgres permissions +The following example provides you with the SQL statements you can use to manage permissions. + +**Note** that `database_name`, `database.schema_name`, and `user_name` are placeholders and you can replace them as needed for your organization's naming convention. + ``` grant usage on database database_name to user_name; grant create schema on database database_name to user_name; From e900d23d511bfa501ce4fcb6cea124d60ba8d120 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Tue, 31 Oct 2023 17:03:22 +0000 Subject: [PATCH 17/40] Update redshift-permissions.md --- .../database-permissions/redshift-permissions.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/website/docs/reference/database-permissions/redshift-permissions.md b/website/docs/reference/database-permissions/redshift-permissions.md index f173e2584d4..2da4ae7f0be 100644 --- a/website/docs/reference/database-permissions/redshift-permissions.md +++ b/website/docs/reference/database-permissions/redshift-permissions.md @@ -1,9 +1,16 @@ --- -title: "Redshift Permissions" +title: "Redshift permissions" --- +In Redshift, permissions are used to control who can perform certain actions on different database objects. Use SQL statements to manage permissions in a Databricks database. + ## Example Redshift permissions +The following example provides you with the SQL statements you can use to manage permissions. + +**Note** that `database_name`, `database.schema_name`, and `user_name` are placeholders and you can replace them as needed for your organization's naming convention. + + ``` grant usage on database database_name to user_name; grant create schema on database database_name to user_name; From 425cd0f281259744291b84ae63be915e818d5930 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Tue, 31 Oct 2023 17:06:03 +0000 Subject: [PATCH 18/40] Update redshift-permissions.md --- .../docs/reference/database-permissions/redshift-permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/reference/database-permissions/redshift-permissions.md b/website/docs/reference/database-permissions/redshift-permissions.md index 2da4ae7f0be..5f0949a3528 100644 --- a/website/docs/reference/database-permissions/redshift-permissions.md +++ b/website/docs/reference/database-permissions/redshift-permissions.md @@ -2,7 +2,7 @@ title: "Redshift permissions" --- -In Redshift, permissions are used to control who can perform certain actions on different database objects. Use SQL statements to manage permissions in a Databricks database. +In Redshift, permissions are used to control who can perform certain actions on different database objects. Use SQL statements to manage permissions in a Redshift database. ## Example Redshift permissions From 84416147abfbe3d0ba97af5cee4f74902211d82f Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Tue, 31 Oct 2023 17:06:21 +0000 Subject: [PATCH 19/40] Update postgres-permissions.md --- .../docs/reference/database-permissions/postgres-permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/reference/database-permissions/postgres-permissions.md b/website/docs/reference/database-permissions/postgres-permissions.md index 3de71d14b77..942f11321b1 100644 --- a/website/docs/reference/database-permissions/postgres-permissions.md +++ b/website/docs/reference/database-permissions/postgres-permissions.md @@ -3,7 +3,7 @@ title: "Postgres Permissions" --- -In Postgres, permissions are used to control who can perform certain actions on different database objects. Use SQL statements to manage permissions in a Databricks database. +In Postgres, permissions are used to control who can perform certain actions on different database objects. Use SQL statements to manage permissions in a Postgres database. ## Example Postgres permissions From 6cd75895be534fc2b16505bda8d54a5843b00ade Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Tue, 31 Oct 2023 17:06:44 +0000 Subject: [PATCH 20/40] Update databricks-permissions.md --- .../reference/database-permissions/databricks-permissions.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/website/docs/reference/database-permissions/databricks-permissions.md b/website/docs/reference/database-permissions/databricks-permissions.md index 8183fc9473e..12e24652ae3 100644 --- a/website/docs/reference/database-permissions/databricks-permissions.md +++ b/website/docs/reference/database-permissions/databricks-permissions.md @@ -11,9 +11,6 @@ The following example provides you with the SQL statements you can use to manage **Note** that you can grant permissions on `securable_objects` to `principals` (This can be user, service principal, or group). For example, `grant privilege_type` on `securable_object` to `principal`. ``` --- NOTE: in general permissions can be granted on securable_objects to -principals (can be user, service principal, or group) --- e.g.: grant privilege_type on securable_object to principal grant all privileges on schema schema_name to principal; grant create table on schema schema_name to principal; From 7196b3709f90e1eccee49f3af743f7104e61819b Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Wed, 1 Nov 2023 12:27:21 +0000 Subject: [PATCH 21/40] Update website/docs/reference/database-permissions/about-database-permissions.md --- .../database-permissions/about-database-permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/reference/database-permissions/about-database-permissions.md b/website/docs/reference/database-permissions/about-database-permissions.md index 2f7cf44899d..49cf5af31a2 100644 --- a/website/docs/reference/database-permissions/about-database-permissions.md +++ b/website/docs/reference/database-permissions/about-database-permissions.md @@ -25,7 +25,7 @@ ARE THEY DIFF FROM MODEL GOVERNANCE BC CONTROLS THE DATABASE PERMISSIONS? ## Examples -For more info on examples and how to setup database permissions, refer to the following database permission pages: +Refer to the following database permission pages for more info on examples and how to setup database permissions: - [Databricks](/reference/database-permissions/databricks-permissions) - [Postgres](/reference/database-permissions/postgres-permissions) From 77beb97c165029e66a21c461a7b1185c1126aa2b Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Wed, 1 Nov 2023 12:29:53 +0000 Subject: [PATCH 22/40] Update website/docs/reference/database-permissions/about-database-permissions.md --- .../reference/database-permissions/about-database-permissions.md | 1 + 1 file changed, 1 insertion(+) diff --git a/website/docs/reference/database-permissions/about-database-permissions.md b/website/docs/reference/database-permissions/about-database-permissions.md index 49cf5af31a2..861f256e975 100644 --- a/website/docs/reference/database-permissions/about-database-permissions.md +++ b/website/docs/reference/database-permissions/about-database-permissions.md @@ -23,6 +23,7 @@ ARE THEY DIFF FROM MODEL GOVERNANCE BC CONTROLS THE DATABASE PERMISSIONS? - Typical permissions include "SELECT" (read), "INSERT" (add data), "UPDATE" (modify data), "DELETE" (remove data), and administrative rights like "CREATE" and "DROP." - Users should be assigned permissions that ensure they have the necessary access to perform their tasks without overextending privileges. +Something to note is that each data platform provider might have different approaches and names for privileges. Refer to their documentation for more details. ## Examples Refer to the following database permission pages for more info on examples and how to setup database permissions: From 5b75635509d1a88daf59680802a974226549b200 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Wed, 1 Nov 2023 12:34:49 +0000 Subject: [PATCH 23/40] Update website/docs/reference/database-permissions/about-database-permissions.md --- .../reference/database-permissions/about-database-permissions.md | 1 - 1 file changed, 1 deletion(-) diff --git a/website/docs/reference/database-permissions/about-database-permissions.md b/website/docs/reference/database-permissions/about-database-permissions.md index 861f256e975..22ffab2137d 100644 --- a/website/docs/reference/database-permissions/about-database-permissions.md +++ b/website/docs/reference/database-permissions/about-database-permissions.md @@ -7,7 +7,6 @@ sidebar_label: "About database permissions" Database permissions are access rights and privileges granted to users or roles within a database or data platform. They help you specify what actions users or roles can perform on various database objects, like tables, views, schemas, or even the entire database. -ARE THEY DIFF FROM MODEL GOVERNANCE BC CONTROLS THE DATABASE PERMISSIONS? ## Why are they useful From 0bd0d3225c43c07b6cbe3eb26ab10831f4714da8 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Wed, 1 Nov 2023 12:36:30 +0000 Subject: [PATCH 24/40] Update sidebars.js --- website/sidebars.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/website/sidebars.js b/website/sidebars.js index b0f999aba40..dcead393882 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -936,7 +936,9 @@ const sidebarSettings = { { type: "category", label: "Database Permissions", + link: { type: "doc", id: "reference/database-permissions/about-database-permissions" }, items: [ + "reference/database-permissions/about-database-permissions" "reference/database-permissions/snowflake-permissions", "reference/database-permissions/databricks-permissions", "reference/database-permissions/redshift-permissions", From 325893705e7d6e68df58ff43895d6cf19dcd001b Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Wed, 1 Nov 2023 12:37:08 +0000 Subject: [PATCH 25/40] Update about-database-permissions.md --- .../database-permissions/about-database-permissions.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/website/docs/reference/database-permissions/about-database-permissions.md b/website/docs/reference/database-permissions/about-database-permissions.md index 22ffab2137d..c8af3876416 100644 --- a/website/docs/reference/database-permissions/about-database-permissions.md +++ b/website/docs/reference/database-permissions/about-database-permissions.md @@ -3,6 +3,8 @@ title: "Database permissions" id: about-database-permissions description: "Database permissions are access rights and privileges granted to users or roles within a database management system." sidebar_label: "About database permissions" +pagination_next: "reference/database-permissions/databricks-permissions" +pagination_prev: null --- Database permissions are access rights and privileges granted to users or roles within a database or data platform. They help you specify what actions users or roles can perform on various database objects, like tables, views, schemas, or even the entire database. From caa0c5d54bae80827caac5a6fbd9ae78755817f7 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Wed, 1 Nov 2023 12:39:11 +0000 Subject: [PATCH 26/40] Update sidebars.js --- website/sidebars.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/sidebars.js b/website/sidebars.js index dcead393882..75f9a7ae364 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -939,10 +939,10 @@ const sidebarSettings = { link: { type: "doc", id: "reference/database-permissions/about-database-permissions" }, items: [ "reference/database-permissions/about-database-permissions" - "reference/database-permissions/snowflake-permissions", "reference/database-permissions/databricks-permissions", - "reference/database-permissions/redshift-permissions", "reference/database-permissions/postgres-permissions", + "reference/database-permissions/redshift-permissions", + "reference/database-permissions/snowflake-permissions", ], }, ], From e212d17a5d3f0102746f29b05ffcb24148917ba2 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Wed, 1 Nov 2023 13:38:06 +0000 Subject: [PATCH 27/40] Update website/docs/reference/database-permissions/postgres-permissions.md --- .../docs/reference/database-permissions/postgres-permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/reference/database-permissions/postgres-permissions.md b/website/docs/reference/database-permissions/postgres-permissions.md index 942f11321b1..da56e9b45f2 100644 --- a/website/docs/reference/database-permissions/postgres-permissions.md +++ b/website/docs/reference/database-permissions/postgres-permissions.md @@ -7,7 +7,7 @@ In Postgres, permissions are used to control who can perform certain actions on ## Example Postgres permissions -The following example provides you with the SQL statements you can use to manage permissions. +The following example provides you with the SQL statements you can use to manage permissions. These examples allow you to run dbt smoothly without encountering permission issues, such as creating schemas, reading existing data, and accessing the information schema. **Note** that `database_name`, `database.schema_name`, and `user_name` are placeholders and you can replace them as needed for your organization's naming convention. From 03ddf3ebdeffbabb1e828a55142015912a929819 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Wed, 1 Nov 2023 17:35:33 +0000 Subject: [PATCH 28/40] Update snowflake-permissions.md adding discourse article to resolves issue https://github.com/dbt-labs/docs.getdbt.com/issues/3824 --- .../snowflake-permissions.md | 126 +++++++++++++++++- 1 file changed, 124 insertions(+), 2 deletions(-) diff --git a/website/docs/reference/database-permissions/snowflake-permissions.md b/website/docs/reference/database-permissions/snowflake-permissions.md index 507202d4d71..637fecf09cc 100644 --- a/website/docs/reference/database-permissions/snowflake-permissions.md +++ b/website/docs/reference/database-permissions/snowflake-permissions.md @@ -4,11 +4,134 @@ title: "Snowflake permissions" In Snowflake, permissions are used to control who can perform certain actions on different database objects. Use SQL statements to manage permissions in a Snowflake database. +## Set up Snowflake account + +This section will explain the exact privileges it takes to set up your Snowflake account: + +1. Set up databases +``` +use role sysadmin; +create database raw; +create database analytics; +``` +2. Set up warehouses +``` +create warehouse loading + warehouse_size = xsmall + auto_suspend = 3600 + auto_resume = false + initially_suspended = true; + +create warehouse transforming + warehouse_size = xsmall + auto_suspend = 60 + auto_resume = true + initially_suspended = true; + +create warehouse reporting + warehouse_size = xsmall + auto_suspend = 60 + auto_resume = true + initially_suspended = true; +``` + +3. Set up roles and warehouse permissions +``` +use role securityadmin; + +create role loader; +grant all on warehouse loading to role loader; + +create role transformer; +grant all on warehouse transforming to role transformer; + +create role reporter; +grant all on warehouse reporting to role reporter; +``` + +4. Create users, assigning them to their roles +Every person and application gets a separate user and is assigned to the correct role. + +``` +create user stitch_user -- or fivetran_user + password = '_generate_this_' + default_warehouse = loading + default_role = loader; + +create user claire -- or amy, jeremy, etc. + password = '_generate_this_' + default_warehouse = transforming + default_role = transformer + must_change_password = true; + +create user dbt_cloud_user + password = '_generate_this_' + default_warehouse = transforming + default_role = transformer; + +create user looker_user -- or mode_user etc. + password = '_generate_this_' + default_warehouse = reporting + default_role = reporter; + +-- then grant these roles to each user +grant role loader to user stitch_user; -- or fivetran_user +grant role transformer to user dbt_cloud_user; +grant role transformer to user claire; -- or amy, jeremy +grant role reporter to user looker_user; -- or mode_user, periscope_user +``` + +5. Let loader load data +Give the role unilateral permission to operate on the raw database +``` +use role sysadmin; +grant all on database raw to role loader; +``` + +6. Let transformer transform data +The transformer role needs to be able to read raw data. + +If you do this before you have any data loaded, you can run: +``` +grant usage on database raw to role transformer; +grant usage on future schemas in database raw to role transformer; +grant select on future tables in database raw to role transformer; +grant select on future views in database raw to role transformer; +``` +If you already have data loaded in the raw database, make sure also you run the following to update the permissions +``` +grant usage on all schemas in database raw to role transformer; +grant select on all tables in database raw to role transformer; +grant select on all views in database raw to role transformer; +``` +transformer also needs to be able to create in the analytics database: +``` +grant all on database analytics to role transformer; +``` +7. Let reporter read the transformed data +A previous version of this article recommended this be implemented through hooks in dbt, but this way lets you get away with a one-off statement. +``` +grant usage on database analytics to role reporter; +grant usage on future schemas in database analytics to role reporter; +grant select on future tables in database analytics to role reporter; +grant select on future views in database analytics to role reporter; +``` +Again, if you already have data in your analytics database, make sure you run: +``` +grant usage on all schemas in database analytics to role reporter; +grant select on all tables in database analytics to role transformer; +grant select on all views in database analytics to role transformer; +``` +8. Maintain +When new users are added, make sure you add them to the right role! Everything else should be inherited automatically thanks to those `future` grants. + +For more discussion and legacy information, refer to [this Discourse article](https://discourse.getdbt.com/t/setting-up-snowflake-the-exact-grant-statements-we-run/439). + ## Example Snowflake permissions The following example provides you with the SQL statements you can use to manage permissions. -**Note** that `warehouse_name`, `database_name`, and `role_name` are placeholders and you can replace them as-needed for your organization's naming convention. +**Note** that `warehouse_name`, `database_name`, and `role_name` are placeholders and you can replace them as needed for your organization's naming convention. ``` @@ -28,4 +151,3 @@ grant select on all tables in database database_name to role role_name; grant select on all views in database database_name to role role_name; ``` -For more info on the privileges how to set up your Snowflake account, refer to [this Discourse article](https://discourse.getdbt.com/t/setting-up-snowflake-the-exact-grant-statements-we-run/439). From dace850a9a001e598513281b640ca551d3593447 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Wed, 1 Nov 2023 17:37:38 +0000 Subject: [PATCH 29/40] Update sidebars.js --- website/sidebars.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/sidebars.js b/website/sidebars.js index 75f9a7ae364..6f6bf008268 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -936,7 +936,7 @@ const sidebarSettings = { { type: "category", label: "Database Permissions", - link: { type: "doc", id: "reference/database-permissions/about-database-permissions" }, + // link: { type: "doc", id: "reference/database-permissions/about-database-permissions" }, items: [ "reference/database-permissions/about-database-permissions" "reference/database-permissions/databricks-permissions", From b08a9af0337f259cd0c5d4cb40fc7ab8cf9cdecd Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Wed, 1 Nov 2023 17:38:24 +0000 Subject: [PATCH 30/40] Update website/docs/faqs/Warehouse/database-privileges.md --- website/docs/faqs/Warehouse/database-privileges.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/faqs/Warehouse/database-privileges.md b/website/docs/faqs/Warehouse/database-privileges.md index 692b67f4e0a..3761b81fe67 100644 --- a/website/docs/faqs/Warehouse/database-privileges.md +++ b/website/docs/faqs/Warehouse/database-privileges.md @@ -13,7 +13,7 @@ schema¹ `information_schema`) On Postgres, Redshift, Databricks, and Snowflake, use a series of `grants` to ensure that -your user has the correct privileges. Check out [example permissions](/reference/database-permissions/snowflake-permissions) for these warehouses. +your user has the correct privileges. Check out [example permissions](/reference/database-permissions/about-database-permissions) for these warehouses. On BigQuery, use the "BigQuery User" role to assign these privileges. From b5b4795cd15e0b392c107512669a838c227cc951 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Wed, 1 Nov 2023 17:41:51 +0000 Subject: [PATCH 31/40] Update connect-databricks.md --- .../docs/docs/cloud/connect-data-platform/connect-databricks.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/website/docs/docs/cloud/connect-data-platform/connect-databricks.md b/website/docs/docs/cloud/connect-data-platform/connect-databricks.md index b66f5890c61..032246ad16a 100644 --- a/website/docs/docs/cloud/connect-data-platform/connect-databricks.md +++ b/website/docs/docs/cloud/connect-data-platform/connect-databricks.md @@ -26,6 +26,8 @@ Unity Catalog allows Databricks users to centrally manage all data assets, simpl To learn how to optimize performance with data platform-specific configurations in dbt Cloud, refer to [Databricks-specific configuration](/reference/resource-configs/databricks-configs). +To grant users or roles database permissions (access rights and privileges), refer to the [example permissions](/reference/database-permissions/databricks-permissions) page. + To set up the Databricks connection, supply the following fields: From 12461016d10d9106788f9ef820140302de22c415 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Wed, 1 Nov 2023 17:43:14 +0000 Subject: [PATCH 32/40] Update connect-redshift-postgresql-alloydb.md --- .../connect-redshift-postgresql-alloydb.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/website/docs/docs/cloud/connect-data-platform/connect-redshift-postgresql-alloydb.md b/website/docs/docs/cloud/connect-data-platform/connect-redshift-postgresql-alloydb.md index dae0ee1d178..ee5b09e83ef 100644 --- a/website/docs/docs/cloud/connect-data-platform/connect-redshift-postgresql-alloydb.md +++ b/website/docs/docs/cloud/connect-data-platform/connect-redshift-postgresql-alloydb.md @@ -64,3 +64,5 @@ The Bastion server should now be ready for dbt Cloud to use as a tunnel into the ## Configuration To learn how to optimize performance with data platform-specific configurations in dbt Cloud, refer to [Redshift-specific configuration](/reference/resource-configs/redshift-configs). + +To grant users or roles database permissions (access rights and privileges), refer to the [Redshift permissions](/reference/database-permissions/redshift-permissions) page or [Postgres permissions](/reference/database-permissions/postgres-permissions) page. From 4ec7ff6f064c11adbbce95a8e7a372e4c3a987ed Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Wed, 1 Nov 2023 17:46:22 +0000 Subject: [PATCH 33/40] Update sidebars.js --- website/sidebars.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/website/sidebars.js b/website/sidebars.js index 6f6bf008268..1e48905f62c 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -936,9 +936,8 @@ const sidebarSettings = { { type: "category", label: "Database Permissions", - // link: { type: "doc", id: "reference/database-permissions/about-database-permissions" }, items: [ - "reference/database-permissions/about-database-permissions" + "reference/database-permissions/about-database-permissions", "reference/database-permissions/databricks-permissions", "reference/database-permissions/postgres-permissions", "reference/database-permissions/redshift-permissions", From 28f376d48e0e40f03f4f6cefb559a3a8a0a74773 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Wed, 1 Nov 2023 17:48:51 +0000 Subject: [PATCH 34/40] Update sidebars.js From d7fd7d435bbdbfb386eba8df7a0e929dccb80d4e Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Wed, 1 Nov 2023 18:07:18 +0000 Subject: [PATCH 35/40] Update website/docs/reference/database-permissions/snowflake-permissions.md --- .../reference/database-permissions/snowflake-permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/reference/database-permissions/snowflake-permissions.md b/website/docs/reference/database-permissions/snowflake-permissions.md index 637fecf09cc..962ae490e86 100644 --- a/website/docs/reference/database-permissions/snowflake-permissions.md +++ b/website/docs/reference/database-permissions/snowflake-permissions.md @@ -6,7 +6,7 @@ In Snowflake, permissions are used to control who can perform certain actions on ## Set up Snowflake account -This section will explain the exact privileges it takes to set up your Snowflake account: +This section explains how to set up permissions and roles within Snowflake. In Snowflake, you would perform these actions using SQL commands to set up your data warehouse and access control within Snowflake's ecosystem. 1. Set up databases ``` From 356c281decf8a27022bae3bb5e765ecede31f7bc Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Wed, 1 Nov 2023 18:07:43 +0000 Subject: [PATCH 36/40] Update website/docs/reference/database-permissions/snowflake-permissions.md --- .../reference/database-permissions/snowflake-permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/reference/database-permissions/snowflake-permissions.md b/website/docs/reference/database-permissions/snowflake-permissions.md index 962ae490e86..6bc7e09ec11 100644 --- a/website/docs/reference/database-permissions/snowflake-permissions.md +++ b/website/docs/reference/database-permissions/snowflake-permissions.md @@ -6,7 +6,7 @@ In Snowflake, permissions are used to control who can perform certain actions on ## Set up Snowflake account -This section explains how to set up permissions and roles within Snowflake. In Snowflake, you would perform these actions using SQL commands to set up your data warehouse and access control within Snowflake's ecosystem. +This section explains how to set up permissions and roles within Snowflake. In Snowflake, you would perform these actions using SQL commands and set up your data warehouse and access control within Snowflake's ecosystem. 1. Set up databases ``` From a44a9c4a8716892ca0e6a682a80879b1a9ef0ca8 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Wed, 1 Nov 2023 18:08:29 +0000 Subject: [PATCH 37/40] Update website/docs/reference/database-permissions/snowflake-permissions.md --- .../docs/reference/database-permissions/snowflake-permissions.md | 1 + 1 file changed, 1 insertion(+) diff --git a/website/docs/reference/database-permissions/snowflake-permissions.md b/website/docs/reference/database-permissions/snowflake-permissions.md index 6bc7e09ec11..3f474242834 100644 --- a/website/docs/reference/database-permissions/snowflake-permissions.md +++ b/website/docs/reference/database-permissions/snowflake-permissions.md @@ -50,6 +50,7 @@ grant all on warehouse reporting to role reporter; ``` 4. Create users, assigning them to their roles + Every person and application gets a separate user and is assigned to the correct role. ``` From f373cbe441ef0e7cce4fb5d9591a706c171edf8b Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Wed, 1 Nov 2023 18:10:01 +0000 Subject: [PATCH 38/40] Update website/docs/reference/database-permissions/about-database-permissions.md --- .../database-permissions/about-database-permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/reference/database-permissions/about-database-permissions.md b/website/docs/reference/database-permissions/about-database-permissions.md index c8af3876416..5f2a1f7419c 100644 --- a/website/docs/reference/database-permissions/about-database-permissions.md +++ b/website/docs/reference/database-permissions/about-database-permissions.md @@ -10,7 +10,7 @@ pagination_prev: null Database permissions are access rights and privileges granted to users or roles within a database or data platform. They help you specify what actions users or roles can perform on various database objects, like tables, views, schemas, or even the entire database. -## Why are they useful +### Why are they useful - Database permissions are essential for security and data access control. - They ensure that only authorized users can perform specific actions. From 6768a728acd3e243d8086c9cc730ea2868d35745 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Wed, 1 Nov 2023 18:10:25 +0000 Subject: [PATCH 39/40] Update about-database-permissions.md --- .../database-permissions/about-database-permissions.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/website/docs/reference/database-permissions/about-database-permissions.md b/website/docs/reference/database-permissions/about-database-permissions.md index 5f2a1f7419c..e23c5d7925b 100644 --- a/website/docs/reference/database-permissions/about-database-permissions.md +++ b/website/docs/reference/database-permissions/about-database-permissions.md @@ -17,7 +17,7 @@ Database permissions are access rights and privileges granted to users or roles - They help maintain data integrity, prevent unauthorized changes, and limit exposure to sensitive data. - Permissions also support compliance with data privacy regulations and auditing. -## How to use them +### How to use them - Users and administrators can grant and manage permissions using SQL statements or through the database system's interface. - Assign permissions to individual users or roles (groups of users) based on their responsibilities. @@ -25,9 +25,10 @@ Database permissions are access rights and privileges granted to users or roles - Users should be assigned permissions that ensure they have the necessary access to perform their tasks without overextending privileges. Something to note is that each data platform provider might have different approaches and names for privileges. Refer to their documentation for more details. -## Examples -Refer to the following database permission pages for more info on examples and how to setup database permissions: +### Examples + +Refer to the following database permission pages for more info on examples and how to set up database permissions: - [Databricks](/reference/database-permissions/databricks-permissions) - [Postgres](/reference/database-permissions/postgres-permissions) From 14aa364d9c5e1c8b270706dbb19c5dfaa48aac38 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Wed, 1 Nov 2023 18:10:38 +0000 Subject: [PATCH 40/40] Update website/docs/reference/database-permissions/about-database-permissions.md --- .../database-permissions/about-database-permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/reference/database-permissions/about-database-permissions.md b/website/docs/reference/database-permissions/about-database-permissions.md index e23c5d7925b..76fff517646 100644 --- a/website/docs/reference/database-permissions/about-database-permissions.md +++ b/website/docs/reference/database-permissions/about-database-permissions.md @@ -19,7 +19,7 @@ Database permissions are access rights and privileges granted to users or roles ### How to use them -- Users and administrators can grant and manage permissions using SQL statements or through the database system's interface. +- Users and administrators can grant and manage permissions at various levels (such as table, schema, and so on) using SQL statements or through the database system's interface. - Assign permissions to individual users or roles (groups of users) based on their responsibilities. - Typical permissions include "SELECT" (read), "INSERT" (add data), "UPDATE" (modify data), "DELETE" (remove data), and administrative rights like "CREATE" and "DROP." - Users should be assigned permissions that ensure they have the necessary access to perform their tasks without overextending privileges.