Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow SECURITYADMIN to deploy schemachange #105

Merged
merged 1 commit into from
Jan 24, 2025
Merged

Allow SECURITYADMIN to deploy schemachange #105

merged 1 commit into from
Jan 24, 2025

Conversation

philerooski
Copy link
Collaborator

From point 2 in this comment, we want to execute future grants within a versioned script.

We already have a database, METADATA, which we use for managing the change history of account-level objects. Since future grants are grants on privileges which don't yet exist, we need to create them with a role which has the MANAGE GRANTS privilege (i.e., SECURITYADMIN). SECURITYADMIN doesn't yet have privileges to the METADATA.SCHEMACHANGE.CHANGE_HISTORY table. That's what this PR accomplishes.

While the object we are granting future privileges on are database and schema-level objects, rather than account-level objects, I still think it makes sense to track changes to their future grants in METADATA since its the future grants themselves which behave like account-level objects, requiring the account-level privilege MANAGE GRANTS to create.

@philerooski philerooski requested a review from a team as a code owner January 16, 2025 23:23
@philerooski philerooski mentioned this pull request Jan 16, 2025
Merged
thomasyu888
thomasyu888 approved these changes Jan 17, 2025
View reviewed changes
Copy link
Member

@thomasyu888 thomasyu888 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔥 LGTM!

@philerooski philerooski requested a review from jaymedina January 21, 2025 23:17
@philerooski philerooski force-pushed the snow-198-schemachange-securityadmin branch from 3f1351f to 7a85b00 Compare January 24, 2025 22:04
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

jaymedina
jaymedina approved these changes Jan 24, 2025
View reviewed changes
Copy link
Contributor

@jaymedina jaymedina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this!

@philerooski philerooski merged commit 2faa0ed into dev Jan 24, 2025
3 checks passed
@philerooski philerooski deleted the snow-198-schemachange-securityadmin branch January 24, 2025 22:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thomasyu888 thomasyu888 thomasyu888 approved these changes

@jaymedina jaymedina jaymedina approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@philerooski @thomasyu888 @jaymedina