0
0
Snowflakecloud~10 mins

Granting and revoking privileges in Snowflake - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Process Flow - Granting and revoking privileges
Start
Identify Role/User
Choose Privilege
GRANT Privilege
Privilege Active?
NoError or Retry
Yes
REVOKE Privilege
Privilege Removed?
NoError or Retry
Yes
End
The flow shows granting a privilege to a role or user, checking it is active, then revoking it and confirming removal.
Execution Sample
Snowflake
GRANT SELECT ON TABLE sales TO ROLE analyst;
REVOKE SELECT ON TABLE sales FROM ROLE analyst;
This code grants SELECT permission on the sales table to the analyst role, then revokes it.
Process Table
StepCommandTargetPrivilegeResult
1GRANT SELECT ON TABLE sales TO ROLE analystROLE analystSELECTPrivilege granted
2Check if analyst can SELECT from salesROLE analystSELECTAccess allowed
3REVOKE SELECT ON TABLE sales FROM ROLE analystROLE analystSELECTPrivilege revoked
4Check if analyst can SELECT from salesROLE analystSELECTAccess denied
💡 Privilege revoked, analyst no longer has SELECT access on sales table
Status Tracker
VariableStartAfter Step 1After Step 3Final
analyst_role_privilegesnoneSELECT on salesnonenone
Key Moments - 2 Insights
Why does the analyst role lose access after revoking?
Because the REVOKE command removes the SELECT privilege granted earlier, as shown in execution_table step 3 and 4.
Can privileges be granted to users directly instead of roles?
Yes, privileges can be granted to users or roles. This example uses a role for best practice, as seen in execution_table step 1.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what is the analyst role's privilege after step 1?
ASELECT on sales
BNo privileges
CINSERT on sales
DALL privileges
💡 Hint
Check the 'Result' column in step 1 and variable_tracker after step 1
At which step does the analyst lose SELECT access?
AStep 1
BStep 2
CStep 3
DStep 4
💡 Hint
Look at the 'Result' column for access checks in steps 2 and 4
If we grant INSERT instead of SELECT in step 1, what changes in the execution table?
APrivilege column in step 1 and 3 changes to INSERT
BNo change, still SELECT
CResult changes to 'Privilege denied'
DTarget changes to user instead of role
💡 Hint
Focus on the 'Privilege' column in steps 1 and 3
Concept Snapshot
GRANT privilege ON object TO role_or_user;
REVOKE privilege ON object FROM role_or_user;
Privileges control access rights.
Grant adds rights; revoke removes them.
Always check access after changes.
Full Transcript
This visual execution shows how to grant and revoke privileges in Snowflake. First, a SELECT privilege is granted on the sales table to the analyst role. This allows the analyst to access the table. Then, the privilege is revoked, removing access. The execution table tracks each step, showing commands, targets, privileges, and results. The variable tracker shows the analyst role's privileges changing from none to SELECT and back to none. Key moments clarify why access changes and the difference between granting to roles or users. The quiz tests understanding of privilege states and effects of commands. The snapshot summarizes the syntax and behavior of granting and revoking privileges.