snowflake.core.role.RoleResource¶

class snowflake.core.role.RoleResource(name: str, collection: RoleCollection)¶

Bases: ObjectReferenceMixin[RoleCollection]

Represents a reference to a Snowflake role.

With this role reference, you can delete roles.

Attributes

root¶

The Root object this reference belongs to.

Methods

delete() → None¶

The delete() method is deprecated; use drop() instead.

drop(if_exists: bool | None = None) → None¶

Drop this role.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
Parameters:

if_exists (bool, optional) – Check the existence of this role before dropping it. Default is None, which is equivalent to False.

Examples

Deleting a role using its reference:

>>> role_reference.drop()
Copy
drop_async(if_exists: bool | None = None) → PollingOperation[None]¶

An asynchronous version of drop().

Refer to PollingOperation for more information on asynchronous execution and the return type.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
grant_future_privileges(privileges: list[str], securable_type: str, containing_scope: ContainingScope, grant_option: bool | None = None) → None¶

Grant privileges on all future securables matching the criteria to this role.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
Parameters:

  • privileges (list[str]) – The list of privileges to be granted.

  • securable_type (str) – The type of securable on which the privileges would be granted.

  • containing_scope (ContainingScope) – The criteria to match the securables.

  • grant_option (bool, optional) – If True, the grantee can grant the privilege to others. Default is None which means False.

Examples

Using a role reference to grant privileges on all future schemas in a database to it:

>>> reference_role.grant_future_privileges(
...     ["CREATE", "USAGE"], "schema", ContainingScope(database="test_db")
... )
Copy
grant_future_privileges_async(privileges: list[str], securable_type: str, containing_scope: ContainingScope, grant_option: bool | None = None) → PollingOperation[None]¶

An asynchronous version of grant_future_privileges().

Refer to PollingOperation for more information on asynchronous execution and the return type.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
grant_privileges(privileges: list[str], securable_type: str, securable: Securable | None = None, grant_option: bool | None = None) → None¶

Grant privileges on a securable to this role.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
Parameters:

  • privileges (list[str]) – The list of privileges to be granted.

  • securable_type (str) – The type of securable on which the privileges would be granted.

  • securable (Securable, optional) – The securable on which the privileges would be granted. Default is None.

  • grant_option (bool, optional) – If True, the grantee can grant the privilege to others. Default is None which means False.

Examples

Using a role reference to grant privileges to it:

>>> reference_role.grant_privileges(["CREATE", "USAGE"], "database", Securable(database="test_db"))
Copy
grant_privileges_async(privileges: list[str], securable_type: str, securable: Securable | None = None, grant_option: bool | None = None) → PollingOperation[None]¶

An asynchronous version of grant_privileges().

Refer to PollingOperation for more information on asynchronous execution and the return type.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
grant_privileges_on_all(privileges: list[str], securable_type: str, containing_scope: ContainingScope, grant_option: bool | None = None) → None¶

Grant privileges on all securables matching the criteria to this role.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
Parameters:

  • privileges (list[str]) – The list of privileges to be granted.

  • securable_type (str) – The type of securable on which the privileges would be granted.

  • containing_scope (ContainingScope) – The criteria to match the securables.

  • grant_option (bool, optional) – If True, the grantee can grant the privilege to others. Default is None which means False.

Examples

Using a role reference to grant privileges on all schemas in a database to it:

>>> reference_role.grant_privileges_on_all(
...     ["CREATE", "USAGE"], "schema", ContainingScope(database="test_db")
... )
Copy
grant_privileges_on_all_async(privileges: list[str], securable_type: str, containing_scope: ContainingScope, grant_option: bool | None = None) → PollingOperation[None]¶

An asynchronous version of grant_privileges_on_all().

Refer to PollingOperation for more information on asynchronous execution and the return type.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
grant_role(role_type: str, role: Securable) → None¶

Grant a role to this role.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
Parameters:

  • role_type (str) – The type of role which would be granted.

  • role (Securable) – The role which would be granted.

Examples

Using a role reference to grant a role to it:

>>> reference_role.grant("role", Securable(name="test_role"))
Copy
grant_role_async(role_type: str, role: Securable) → PollingOperation[None]¶

An asynchronous version of grant_role().

Refer to PollingOperation for more information on asynchronous execution and the return type.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
iter_future_grants_to(show_limit: int | None = None) → Iterator[Grant]¶

List future grants to this role.

Lists all privileges on new (i.e. future) objects of a specified type in a database or schema granted to the role.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
Parameters:

show_limit (int, optional) – Limit of the maximum number of rows returned by iter(). The default is None, which behaves equivalently to show_limit=10000. This value must be between 1 and 10000.

Examples

Using a role reference to list future grants to it:

>>> reference_role.iter_future_grants_to()
Copy
iter_future_grants_to_async(show_limit: int | None = None) → PollingOperation[Iterator[Grant]]¶

An asynchronous version of iter_future_grants_to().

Refer to PollingOperation for more information on asynchronous execution and the return type.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
iter_grants_of(show_limit: int | None = None) → Iterator[GrantOf]¶

List grants of this role.

Lists all users and roles to which the role has been granted.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
Parameters:

show_limit (int, optional) – Limit of the maximum number of rows returned by iter(). The default is None, which behaves equivalently to show_limit=10000. This value must be between 1 and 10000.

Examples

Using a role reference to list grants of it:

>>> reference_role.iter_grants_of()
Copy
iter_grants_of_async(show_limit: int | None = None) → PollingOperation[Iterator[GrantOf]]¶

An asynchronous version of iter_grants_of().

Refer to PollingOperation for more information on asynchronous execution and the return type.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
iter_grants_on(show_limit: int | None = None) → Iterator[GrantOn]¶

List grants on this role.

Lists all privileges that have been granted on the role.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
Parameters:

show_limit (int, optional) – Limit of the maximum number of rows returned by iter(). The default is None, which behaves equivalently to show_limit=10000. This value must be between 1 and 10000.

Examples

Using a role reference to list grants on it:

>>> reference_role.iter_grants_on()
Copy
iter_grants_on_async(show_limit: int | None = None) → PollingOperation[Iterator[GrantOn]]¶

An asynchronous version of iter_grants_on().

Refer to PollingOperation for more information on asynchronous execution and the return type.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
iter_grants_to(show_limit: int | None = None) → Iterator[Grant]¶

List grants to this role.

Lists all privileges and roles granted to the role.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
Parameters:

show_limit (int, optional) – Limit of the maximum number of rows returned by iter(). The default is None, which behaves equivalently to show_limit=10000. This value must be between 1 and 10000.

Examples

Using a role reference to list grants to it:

>>> reference_role.iter_grants_to()
Copy
iter_grants_to_async(show_limit: int | None = None) → PollingOperation[Iterator[Grant]]¶

An asynchronous version of iter_grants_to().

Refer to PollingOperation for more information on asynchronous execution and the return type.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
revoke_future_privileges(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → None¶

Revoke privileges on all future securables matching the criteria from this role.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
Parameters:

  • privileges (list[str]) – The list of privileges to be revoked.

  • securable_type (str) – The type of securable on which the privileges would be revoked.

  • containing_scope (ContainingScope) – The criteria to match the securables.

  • mode (DeleteMode, optional) –

    One of the following enum values.

    DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

    DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

    Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a role reference to revoke privileges on all future schemas in a database from it:

>>> reference_role.revoke_future_privileges(
...     ["CREATE", "USAGE"], "schema", ContainingScope(database="test_db")
... )
Copy
revoke_future_privileges_async(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → PollingOperation[None]¶

An asynchronous version of revoke_future_privileges().

Refer to PollingOperation for more information on asynchronous execution and the return type.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
revoke_grant_option_for_future_privileges(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → None¶

Revoke grant option for privileges on all future securables matching the criteria from this role.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
Parameters:

  • privileges (list[str]) – The list of privileges to be revoked.

  • securable_type (str) – The type of securable on which the privileges would be revoked.

  • containing_scope (ContainingScope) – The criteria to match the securables.

  • mode (DeleteMode, optional) –

    One of the following enum values.

    DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

    DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

    Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a role reference to revoke grant option for privileges on all future schemas in a database from it:

>>> reference_role.revoke_grant_option_for_future_privileges(
...     ["CREATE", "USAGE"], "schema", ContainingScope(database="test_db")
... )
Copy
revoke_grant_option_for_future_privileges_async(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → PollingOperation[None]¶

An asynchronous version of revoke_grant_option_for_future_privileges().

Refer to PollingOperation for more information on asynchronous execution and the return type.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
revoke_grant_option_for_privileges(privileges: list[str], securable_type: str, securable: Securable | None = None, mode: DeleteMode | None = None) → None¶

Revoke grant option for privileges on a securable from this role.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
Parameters:

  • privileges (list[str]) – The list of privileges to be revoked.

  • securable_type (str) – The type of securable on which the privileges would be revoked.

  • securable (Securable, optional) – The securable on which the privileges would be revoked. Default is None.

  • mode (DeleteMode, optional) –

    One of the following enum values.

    DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

    DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

    Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a role reference to revoke grant option for privileges from it:

>>> reference_role.revoke_grant_option_for_privileges(
...     ["CREATE", "USAGE"], "database", Securable(database="test_db")
... )
Copy
revoke_grant_option_for_privileges_async(privileges: list[str], securable_type: str, securable: Securable | None = None, mode: DeleteMode | None = None) → PollingOperation[None]¶

An asynchronous version of revoke_grant_option_for_privileges().

Refer to PollingOperation for more information on asynchronous execution and the return type.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
revoke_grant_option_for_privileges_on_all(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → None¶

Revoke grant option for privileges on all securables matching the criteria from this role.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
Parameters:

  • privileges (list[str]) – The list of privileges to be revoked.

  • securable_type (str) – The type of securable on which the privileges would be revoked.

  • containing_scope (ContainingScope) – The criteria to match the securables.

  • mode (DeleteMode, optional) –

    One of the following enum values.

    DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

    DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

    Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a role reference to revoke grant option for privileges on all schemas in a database from it:

>>> reference_role.revoke_grant_option_for_privileges_on_all(
...     ["CREATE", "USAGE"], "schema", ContainingScope(database="test_db")
... )
Copy
revoke_grant_option_for_privileges_on_all_async(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → PollingOperation[None]¶

An asynchronous version of revoke_grant_option_for_privileges_on_all().

Refer to PollingOperation for more information on asynchronous execution and the return type.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
revoke_privileges(privileges: list[str], securable_type: str, securable: Securable | None = None, mode: DeleteMode | None = None) → None¶

Revoke privileges on a securable from this role.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
Parameters:

  • privileges (list[str]) – The list of privileges to be revoked.

  • securable_type (str) – The type of securable on which the privileges would be revoked.

  • securable (Securable, optional) – The securable on which the privileges would be revoked. Default is None.

  • mode (DeleteMode, optional) –

    One of the following enum values.

    DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

    DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

    Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a role reference to revoke privileges from it:

>>> reference_role.revoke_privileges(["CREATE", "USAGE"], "database", Securable(database="test_db"))
Copy
revoke_privileges_async(privileges: list[str], securable_type: str, securable: Securable | None = None, mode: DeleteMode | None = None) → PollingOperation[None]¶

An asynchronous version of revoke_privileges().

Refer to PollingOperation for more information on asynchronous execution and the return type.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
revoke_privileges_on_all(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → None¶

Revoke privileges on all securables matching the criteria from this role.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
Parameters:

  • privileges (list[str]) – The list of privileges to be revoked.

  • securable_type (str) – The type of securable on which the privileges would be revoked.

  • containing_scope (ContainingScope) – The criteria to match the securables.

  • mode (DeleteMode, optional) –

    One of the following enum values.

    DeleteMode.restrict: If the privilege being revoked has been re-granted to another role, the REVOKE command fails.

    DeleteMode.cascade: If the privilege being revoked has been re-granted, the REVOKE command recursively revokes these dependent grants. If the same privilege on an object has been granted to the target role by a different grantor (parallel grant), that grant is not affected and the target role retains the privilege.

    Default is None which is equivalent to DeleteMode.restrict.

Examples

Using a role reference to revoke privileges on all schemas in a database from it:

>>> reference_role.revoke_privileges_on_all(
...     ["CREATE", "USAGE"], "schema", ContainingScope(database="test_db")
... )
Copy
revoke_privileges_on_all_async(privileges: list[str], securable_type: str, containing_scope: ContainingScope, mode: DeleteMode | None = None) → PollingOperation[None]¶

An asynchronous version of revoke_privileges_on_all().

Refer to PollingOperation for more information on asynchronous execution and the return type.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
revoke_role(role_type: str, role: Securable) → None¶

Revoke a role from this role.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
Parameters:

  • role_type (str) – The type of role which would be revoked.

  • role (Securable) – The role which would be revoked.

Examples

Using a role reference to revoke a role from it:

>>> reference_role.revoke("role", Securable(name="test_role"))
Copy
revoke_role_async(role_type: str, role: Securable) → PollingOperation[None]¶

An asynchronous version of revoke_role().

Refer to PollingOperation for more information on asynchronous execution and the return type.

For more information

Go to the SQL command page to view more information about arguments, options, privileges requirements, and usage guidelines.

View
Language: English