Snowflake Role Based Access Control

A metadata-driven framework for automating Snowflake role-based access control (RBAC) management. This module generates and deploys technical and functional roles based on declarative configuration files.

Documentation

  • Introduction: Overview of the module, technical and functional roles, workflow modes
  • Configuration: YAML structure, CLI commands, and arguments
  • Requirements: Prerequisites, permissions, and setup

Quick Start

1. Generate Technical Roles

cloe-snowflake-rbac generate-technical-roles \
  /path/to/git/root \
  /path/to/output \
  --database-model-filepath databases/databases.json \
  --database-filter-positive "^(DEV|TEST).*" \
  --git-tag-regex "deploy-.*"

2. Generate Functional Roles

cloe-snowflake-rbac generate-functional-roles \
  /path/to/git/root \
  /path/to/output \
  --functional-model-path config/functional_roles.yml \
  --git-tag-regex "deploy-.*"

Key Features

  • Automated technical role generation from database metadata
  • Declarative functional role configuration via YAML
  • Incremental deployments for large environments
  • Change tracking using git tags
  • Automatic cleanup of obsolete roles
  • Database filtering with regex patterns