0
0
Snowflakecloud~10 mins

Creating custom roles in Snowflake - Visual Walkthrough

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Process Flow - Creating custom roles
Start
Define Role Name
Execute CREATE ROLE SQL
Role Created in System
Grant Privileges to Role
Assign Role to Users
Users Can Use Role Permissions
End
The flow shows creating a custom role, granting privileges, and assigning it to users so they can use the permissions.
Execution Sample
Snowflake
CREATE ROLE analyst;
GRANT SELECT ON DATABASE sales_db TO ROLE analyst;
GRANT ROLE analyst TO USER alice;
This code creates a role named 'analyst', grants it select access on a database, and assigns the role to user 'alice'.
Process Table
StepActionSQL ExecutedSystem State ChangeResult
1Create roleCREATE ROLE analyst;Role 'analyst' added to roles listRole 'analyst' exists with no privileges
2Grant privilegeGRANT SELECT ON DATABASE sales_db TO ROLE analyst;Role 'analyst' granted SELECT on sales_dbRole 'analyst' can SELECT from sales_db
3Assign role to userGRANT ROLE analyst TO USER alice;User 'alice' assigned role 'analyst'User 'alice' can use 'analyst' permissions
4EndNo further changesSetup complete
💡 All steps executed successfully; custom role created and assigned.
Status Tracker
VariableStartAfter Step 1After Step 2After Step 3Final
roles_list[]['analyst']['analyst']['analyst']['analyst']
analyst_privileges{}{}{'SELECT on sales_db'}{'SELECT on sales_db'}{'SELECT on sales_db'}
alice_roles[][][]['analyst']['analyst']
Key Moments - 2 Insights
Why does the role have no privileges immediately after creation?
Because creating a role only defines it; privileges must be granted separately as shown in step 2 of the execution_table.
Can a user use a role's privileges before the role is assigned to them?
No, as shown in step 3, the user must be assigned the role to use its permissions.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table, what is the system state after step 2?
ARole 'analyst' exists but has no privileges
BUser 'alice' assigned role 'analyst'
CRole 'analyst' granted SELECT on sales_db
DNo roles exist yet
💡 Hint
Check the 'System State Change' column in row 2 of execution_table.
At which step does user 'alice' gain the ability to use the 'analyst' role?
AStep 3
BStep 1
CStep 2
DStep 4
💡 Hint
Look at the 'Result' column for when 'alice' is assigned the role.
If we skip granting privileges in step 2, what would be the effect?
AUser 'alice' could still SELECT from sales_db
BRole 'analyst' would have no privileges
CRole 'analyst' would have default privileges
DUser 'alice' would be unable to log in
💡 Hint
Refer to the 'key_moments' about role privileges after creation.
Concept Snapshot
CREATE ROLE role_name;
GRANT privileges TO ROLE role_name;
GRANT ROLE role_name TO USER user_name;

Roles start empty; privileges must be granted.
Users gain permissions only after role assignment.
Full Transcript
Creating custom roles in Snowflake involves three main steps. First, you create the role with CREATE ROLE. This adds the role to the system but it has no permissions yet. Next, you grant privileges like SELECT on databases to the role. Finally, you assign the role to users so they can use those permissions. The execution table shows each step's SQL command and how the system state changes. Variables track roles, privileges, and user assignments. Key moments clarify that roles start empty and users need role assignment to gain permissions. The quiz tests understanding of when privileges are granted and when users gain access.