Learn
/
Snowflake
September 16, 2024

What Is Snowflake Show Grants?

Overview of using SHOW GRANTS in Snowflake to review granted privileges and permissions.
Dexter Chu
Head of Marketing

Get started with Secoda

See why hundreds of industry leaders trust Secoda to unlock their data's full potential.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

How to evaluate a data catalog

See why hundreds of industry leaders trust Secoda to unlock their data's full potential.

Get the guide

The SHOW GRANTS command in Snowflake provides a comprehensive overview of all access control privileges explicitly granted to roles, users, and shares within a Snowflake instance. By listing these privileges, it plays a crucial role in managing and auditing access control configurations.

What is a Grant in Snowflake?

A grant in Snowflake refers to a formal permission or privilege that controls access to Snowflake's resources, such as databases, schemas, tables, or even more granular data elements. These grants determine what actions specific users or roles can perform, such as reading, writing, or executing stored procedures.

In Snowflake, managing grants is a fundamental aspect of enforcing security and governance, ensuring that users only have the access necessary to perform their roles.

Why is the SHOW GRANTS Command Important?

The importance of the SHOW GRANTS command in Snowflake cannot be overstated. It plays a critical role in several areas:

  • Security and Compliance: Ensuring that access controls are appropriately configured is vital for maintaining security and compliance. The SHOW GRANTS command provides visibility into who has access to what, helping to prevent unauthorized data access.
  • Auditing and Monitoring: Regularly auditing access control configurations is essential for detecting and addressing any potential security issues. The SHOW GRANTS command facilitates this by providing detailed information on all granted privileges.
  • Troubleshooting Access Issues: When users encounter access issues, the SHOW GRANTS command can help identify the root cause by showing the current state of permissions.
  • Efficient Access Management: By providing a comprehensive view of access control configurations, the SHOW GRANTS command enables administrators to manage permissions more efficiently, ensuring that users have the necessary access without over-provisioning.

How do you use the SHOW GRANTS Command in Snowflake?

The SHOW GRANTS command is designed to display the privileges that have been assigned within a database system. The command can be customized to show different levels of detail depending on what the user needs. Below is a breakdown of its structure.

Basic Command Structure

This is the simplest form of the SHOW GRANTS command. It retrieves all grants across the system.

SHOW GRANTS;

Optional Clause:

LIMIT <rows>: Limits the number of rows returned by the query.

SHOW GRANTS LIMIT 10;

Account-Level Privileges

This structure is used to retrieve privileges granted at the account level, meaning it shows what permissions are assigned to the account itself.

SHOW GRANTS ON ACCOUNT;

Optional Clause:

LIMIT <rows>: As with the basic command, you can limit the number of results.

SHOW GRANTS ON ACCOUNT LIMIT 5;

Object-Level Privileges

This variation shows privileges granted on specific objects, such as tables, views, or schemas. You must specify the type and name of the object.

SHOW GRANTS ON <object_type> <object_name>;

Optional Clause:

LIMIT <rows>: Limits the number of rows returned by the query.

SHOW GRANTS ON TABLE my_table LIMIT 3;

Privileges Granted to Specific Entities

This form of the command displays privileges granted to specific entities like applications, roles, shares, or users.

SHOW GRANTS TO { APPLICATION <app_name> | ROLE <role_name> | USER <user_name> };

Optional Clause:

LIMIT <rows>: Limits the number of rows returned by the query.

SHOW GRANTS TO USER my_user LIMIT 10;

Privileges of Specific Roles

This command shows the privileges that are assigned to specific roles within the system.

SHOW GRANTS OF ROLE <role_name>;

Optional Clause:

LIMIT <rows>: Limits the number of rows returned by the query.

SHOW GRANTS OF ROLE my_role LIMIT 5;

Future Grants in a Specific Schema or Database

This structure is used to display privileges that will automatically be granted to objects created in the future within a specific schema or database.

SHOW FUTURE GRANTS IN { SCHEMA <schema_name> | DATABASE <database_name> };

Optional Clause:

LIMIT <rows>: Limits the number of rows returned by the query.

SHOW FUTURE GRANTS IN SCHEMA my_schema LIMIT 7;

Future Grants to Specific Roles

This form of the command shows future grants that will be automatically assigned to specific roles.

SHOW FUTURE GRANTS TO ROLE <role_name>;

Optional Clause:

LIMIT <rows>: Limits the number of rows returned by the query.

SHOW FUTURE GRANTS TO ROLE my_role LIMIT 4;

What are the Usage Notes for the SHOW GRANTS Command?

Understanding the nuances of the SHOW GRANTS command is essential for effective use. Here are some critical points to consider:

  • Grantor Role Identification: The granted_by column indicates the role that authorized the privilege grant. This role could be the object owner, a role with the grant option, or a role with the global MANAGE GRANTS privilege.
  • Special Syntax for Application Packages: The SHOW GRANTS … TO SHARE IN APPLICATION PACKAGE syntax includes additional columns such as grantee_name, granted_to, and granted_by_role_type.
  • Data Sharing Specifics: Data sharing consumers can only view privileges granted to the share. Certain columns might be empty depending on the grant setup and the type of shared object.
  • Grant Options and Managed Access Schemas: The grant_options column returns FALSE for managed access schemas, while the privilege column includes OWNERSHIP and MANAGE GRANTS for roles owning managed access schemas.

Common Challenges and Solutions

While using the SHOW GRANTS command, you might encounter some common challenges or errors. Here are some solutions:

  • Insufficient Privileges: Ensure that the user executing the SHOW GRANTS command has the necessary privileges to view the grants. You might need to grant the MANAGE GRANTS privilege to the user.
  • Incorrect Syntax: Double-check the syntax of your SHOW GRANTS command. Ensure that you are using the correct object types, names, and other parameters.
  • Large Result Sets: If the result set is too large, consider using the LIMIT clause to restrict the number of rows returned. This can help in managing performance and readability.

Recap of SHOW GRANTS Command in Snowflake

Here are the key takeaways from this tutorial on the SHOW GRANTS command in Snowflake:

  • Comprehensive Overview: The SHOW GRANTS command provides a detailed overview of all access control privileges granted within a Snowflake instance, helping in managing and auditing access control configurations.
  • Various Applications: The command can be used to list account-level privileges, object-level privileges, privileges granted to specific entities, and future grants, among others.
  • Effective Management: By using the SHOW GRANTS command effectively, administrators can ensure proper access control configurations, maintain security and compliance, and manage permissions efficiently.
In this story
This is also a heading
This is a heading

Keep reading

View all
Data Catalog

Secoda vs Atlan: A comparative study on data compliance features

Compliance Features: Reviewing how Secoda and Atlan support data compliance and regulatory requirements.

Data Catalog

Data literacy and adoption in your organization: Secoda vs Atlan

Data Literacy: Evaluating the role of Secoda and Atlan in promoting data literacy and user adoption.

Data Catalog

Scalability and performance: Comparative review of Secoda and Atlan

System Performance: Assessing the scalability and performance metrics of Secoda and Atlan in data management.

Get started in minutes

Built for data teams, designed for everyone so you can get more from your data stack.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
CustomersCareersDocumentationGlossary

Product

Data catalogData dictionaryData lineageData sharingData ticketingData governanceData privacyData observability

Solutions

Data LeadData EngineerData AnalystData ConsumersGovernance ManagerBusiness OperationsProduct Managers

Use cases

Metadata managementData onboardingData enablementData documentationSelf service business intelligence

Resources

PricingCustomersBlogGuidesDocumentationBuyers guideSecoda vs. AtlanSecoda vs. Open SourceSecoda vs. CastorSecoda vs. Select StarSecoda vs. CollibraROI calculatorData enablement whitepaperExplore

Company

AboutContact usCareersGDPR readinessSecurityBrand

Social

LinkedInXInstagramYoutube

© 2024 Secoda, Inc. All rights reserved.
By using this website, you accept our Terms of Use and Privacy Policy.