Transfer ACCOUNTADMIN Ownership to Custom Role

2 0

Ownership Transfer to Custom Role: Consider a scenario, in current database we have list of tables created by ACCOUNTADMIN role. Therefore, The ownership of these tables belongs to AccountAdmin only. Say after few months some new members have been onboarded the Snowflake project. As discuss within the team we create multiple custom roles and assign them to the users respectively. Team has agreed , instead of keeping the ownership with AccountAdmin this needs to be transfer to other custom roles.

However, the main motto was to least the burden from the AccountAdmin by transferring the ownership and new users would take the control of these tables. Initially it seems very simple solution as we have to run only below statement to complete the task.

GRANT OWNERSHIP ON TABLE <<TABLE_NAME>>  TO ROLE <<ROLE_NAME>>;

But our current database has huge list of tables in particular Schema and running the command for each individual tables is not feasible approach. So now the challenge is how we can transfer the existing ownership to Custom Roles automatically without any manual intervention.

Stored Procedure:

Therefore, To implement the same we have developed the below stored procedure which will get the list of tables and Grant the ownership to new Role programmatically.

We have CUSTOM_ROLE_DB having the list of tables created by ACCOUNTADMIN role. As per our use case we would be transferring the ownership of these tables to custom Role.

Pin it
Email
https://cloudyard.in/2023/04/transfer-accountadmin-ownership-to-custom-role/#QUNDT1VOVEFETUl

We have created below “CUSTOM_ROLE” and  user : S_USER and grant the privileges on CUSTOM_ROLE_DB.

Pin it
Email
https://cloudyard.in/2023/04/transfer-accountadmin-ownership-to-custom-role/#Q1VTVE9NLVJPTEU

Login to the Snowflake with new user : S_USER.

There are no tables present inside the DB under PUBLIC schema.

Pin it
Email
https://cloudyard.in/2023/04/transfer-accountadmin-ownership-to-custom-role/#Q1VTVE9NX1JPTEU

We will be creating the below procedure inside the Database.

Pin it
Email
https://cloudyard.in/2023/04/transfer-accountadmin-ownership-to-custom-role/#UHJvY2VkdXJlLmp

Pin it
Email
https://cloudyard.in/2023/04/transfer-accountadmin-ownership-to-custom-role/#UHJvY2VkdXJlLTE

Call the Procedure with input as your Custom Role name.

call TRANSFER_privilges(‘CUSTOM_ROLE’);

Below is the output of the procedure.

Pin it
Email
https://cloudyard.in/2023/04/transfer-accountadmin-ownership-to-custom-role/#UHJvY2VkdXJlLU9

Login to the Snowflake with S_USER and verify all the tables are visible under CUSTOM_ROLE with ownership has been changed from ACCOUNTADMIN.

Pin it
Email
https://cloudyard.in/2023/04/transfer-accountadmin-ownership-to-custom-role/#Q1VTVE9NX1JPTEU

Try to delete the table via ACCOUNTADMIN role inside the CUSTOM_ROLE_DB:

Pin it
Email
https://cloudyard.in/2023/04/transfer-accountadmin-ownership-to-custom-role/#RGVsZXRlLXdpdGg

Try to delete the same table via CUSTOM_ROLE.

Pin it
Email
https://cloudyard.in/2023/04/transfer-accountadmin-ownership-to-custom-role/#RGVsZXRlLXdpdGg

Pin it
Email
https://cloudyard.in/2023/04/transfer-accountadmin-ownership-to-custom-role/#ZDQyYWFmNjUzMzF

About Post Author

Sachin Mittal

sachin.mittal04@gmail.com

https://cloudyard.in

Pin it
Email
https://cloudyard.in/2023/04/transfer-accountadmin-ownership-to-custom-role/#aGFwcHkuc3Zn

Happy

0 0 %

Pin it
Email
https://cloudyard.in/2023/04/transfer-accountadmin-ownership-to-custom-role/#c2FkLnN2Zw==

Sad

0 0 %

Pin it
Email
https://cloudyard.in/2023/04/transfer-accountadmin-ownership-to-custom-role/#ZXhjaXRlZC5zdmc

Excited

0 0 %

Pin it
Email
https://cloudyard.in/2023/04/transfer-accountadmin-ownership-to-custom-role/#c2xlZXB5LnN2Zw=

Sleepy

0 0 %

Pin it
Email
https://cloudyard.in/2023/04/transfer-accountadmin-ownership-to-custom-role/#YW5ncnkuc3Zn

Angry

0 0 %

Pin it
Email
https://cloudyard.in/2023/04/transfer-accountadmin-ownership-to-custom-role/#c3VycHJpc2Uuc3Z

Surprise

0 0 %