Commit 0843cc9

committed
use access_roles
1 parent aa9ce2a commit 0843cc9

1 file changed

+26
-0
lines changed

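--- a/terraform/access_roles.tf
+++ b/terraform/access_roles.tf
@@ -0,0 +1,26 @@
+module "access_roles" {
+source = "github.com/inovex/snowform_access_roles/local"
+version = "0.0.1"
+db = snowflake_database.common_db
+data_layers = [
+{
+name = "COMMON"
+}
+]
+depends_on = [
+snowflake_database.common_db,
+snowflake_schema.common_common_schema,
+]
+providers = {
+snowflake.useradmin = snowflake.useradmin
+snowflake.sysadmin = snowflake.sysadmin
+snowflake.securityadmin = snowflake.securityadmin
+}
+}
+
+# SECURITYADMIN needs to be allowed to use COMMON schema for network policies
+# resource "snowflake_execute" "grant_create_network_rule_to_securityadmin" {
+# provider = snowflake.sysadmin
+# execute = "GRANT CREATE NETWORK RULE ON SCHEMA ${snowflake_database.common_db.name}.${snowflake_schema.common_common_schema.name} TO ROLE SECURITYADMIN;"
+# revert = "REVOKE CREATE NETWORK RULE ON SCHEMA ${snowflake_database.common_db.name}.${snowflake_schema.common_common_schema.name} FROM ROLE SECURITYADMIN;"
+# }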
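Review bot: The `version = "0.0.1"` argument on `module "access_roles"` most likely does not pin anything: `source` is a GitHub address, and Terraform applies version constraints only to registry modules, so this either fails at `terraform init` or leaves the module tracking the repository's default branch. Since the module is handed the `snowflake.useradmin` and `snowflake.securityadmin` providers, whatever revision is fetched runs with those roles, so it is worth pinning to an immutable commit in the source string instead, e.g. `source = "github.com/inovex/snowform_access_roles//local?ref=<commit-sha>"` (placeholder; this assumes `local` is a subdirectory of the repository), and dropping `version`. The commented-out `snowflake_execute` block below the module would be better removed or replaced by a one-line comment saying where the `CREATE NETWORK RULE` grant is actually made, so the file does not suggest a grant that is never applied.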
