Is there any way to check the user name who created the table in snowflake database.
To previous questions in stack over flow some one suggested below query.
How to find the user who created a table in Snowflake
but I am unable to run the query, showing below error
Error: SQL compilation error: Shared database is no longer available for use. It will need to be re-created if and when the publisher makes it available again.
After gone through some documentation in snowflake I understood it need share access
Please let us know if this share access can be granted to every end user to find the user name who created table ? is it recommended to grant to users.
if so how to grant access to user
or is there any alternative way to get this information.
Regards,
Srinivas
Run the following command to find your current role:
select current_role();
Then ask your account admin to grant access to the SNOWFLAKE database:
grant IMPORTED PRIVILEGES on database snowflake to role your_role_name;
You can try information Schema. If you have access to that database then you should be good.
select user_name,query_text,*
from table(information_schema.query_history())
where contains(lower(query_text),'<your table name>')
and query_type = 'CREATE_TABLE'
order by start_time;
Related
When trying to read from a table with Snowflake Python connector I am getting the following error:
*** snowflake.connector.errors.ProgrammingError: 000606 (57P03): No active warehouse selected in the current session. Select an active
warehouse with the 'use warehouse' command.
Searching the web for solutions I saw that the main recommendation is to apply USE WAREHOUSE <warehouse name>
However, when I apply this command I get the following error:
*** snowflake.connector.errors.ProgrammingError: 002043 (02000): SQL compilation error: Object does not exist, or operation cannot be
performed.
I also granted "USAGE" privileges to the relevant user, but the errors still occurred.
There are no errors when I apply the commands USE DATABASE and USE SCHEMA on the other hand.
Also, I am able to read from the table from Snowflake web UI with another user.
Any idea what might be wrong?
so use SHOW WAREHOUSES
show warehouses;
name
state
type
size
running
queued
is_default
is_current
auto_suspend
auto_resume
COMPUTE_WH
SUSPENDED
STANDARD
X-Small
0
0
Y
Y
600
true
The name has to be one you can use. And it needs to be AUTO RESUME or you need it STARTED or to START IT
ALTER WAREHOUSE <name> RESUME IF SUSPENDED;
It's nice to have DEFAULT_WAREHOUSE set on your user also, so you don't have set it each time
ALTER USER <user_name> SET DEFAULT_WAREHOUSE = <warehouse_name>;
So I've finally managed to figure out what was the problem:
At first I solved it by granting 'USAGE' privileges to 'PUBLIC'. However, this was not making sense to me because I configured a different user than 'PUBLIC' to my Snowflake Python Connector. The user I am using was assigned a different role.
Then, I figured that I did not configure a role to my Snowflake Python Connector. After I configured the relevant role to the Python connector, granting 'USAGE' privileges to that role solved the problem.
I suppose that when no role is configured to the Python Connector, 'PUBLIC' role is used by default.
Since I'm just starting off with Snowflake and this is all based on my trial and error experiments, there may be some more details/info that can be shared by anyone who is more experienced in Snowflake configuration. So that could be helpful for others who experience similar problems.
I am trying the below query against SNOWFLAKE.INFORMATION_SCHEMA from account admin but it returning an error.
Query:
Select
'databases' as category,
count(*) as found,
'3' as expected
from SNOWFLAKE.INFORMATION_SCHEMA.DATABASES
where DATABASE_NAME IN ('USDA_NUTRIENT_STDREF','LIBRARY_CARD_CATALOG','SOCIAL_MEDIA_FLOODGATES')
Error:
SQL compilation error: Database 'SNOWFLAKE' does not exist or not authorized.
Checked SNOWFLAKE database exists but it does not have any schema including INFORMATION_SCHEMA
Databases live under your account. Account is the top level object in the Snowflake object hierarchy. Databases live under account. See this link, and find the text where it says, "The top-most container is the customer account...". It's got a nice little graphic there.
When you query information_schema on the Snowflake database, you're getting the information_schema of just the snowflake database, not of your entire account. Snowflake.information_schema is kinda useless b/c it just shows the information schema of a database (Snowflake) that you have no control over - Snowflake controls it.
If you want to see all the databases in your account, you can do the following:
use role accountadmin;
show databases;
select count(*) from table(result_scan(last_query_id())) where "name" in ('USDA_NUTRIENT_STDREF','LIBRARY_CARD_CATALOG','SOCIAL_MEDIA_FLOODGATES');
Now, separately, if you're concerned about the error you're getting - that you don't have access to the snowflake database, then I'd say you're either not using the accountadmin role, or you're not using a role that has the right privileges. If you'd like to give a role privileges to the Snowlfake database, you can run the following:
GRANT IMPORTED PRIVILEGES
ON DATABASE SNOWFLAKE TO ROLE {SOME_ROLE_OF_YOURS};
Good luck!
In Snowflake, I know I can show roles:
show roles
I know I can show grants on specific roles and access those via query:
show grants to role dev_role;
select * from table(RESULT_SCAN (LAST_QUERY_ID()));
I'd like to show ALL grants for ALL roles in one table. My best guess would be to write a procedure that iterates through all the role names, executes the above code, and outputs the result to a table.
Is there a better way of doing this?
Do you have access to the shared database called snowflake? If not then you may need to ask an accountadmin to provide you the IMPORTED PRIVILEGES grant as explained here.
Anyway if you have access to this database then I think you should be able to get the info you need from the GRANTS_TO_ROLES view:
select *
from snowflake.account_usage.grants_to_roles;
Unfortunately there is not currently a better way to accumulate the grant information. My current solution is exactly what you've described.
I have two Snowflake account and need to clone or copy the databases and tables on the same region.
Solutions that I am trying to replicate:
Data Sharing Intro Reference
I read that:
"Snowflake supports using grants to provide granular access control to
selected objects (schemas, tables, secure views, and secure UDFs) in
the database (i.e., you grant access privileges for one or more
specific objects within the database)."
It sounds like I could share a UDF with the database I want to share with the account, but read only features. This is confirmed:
" ...but cannot perform any of the DML tasks that are allowed in a
full account (data loading, insert, update, etc.)."
Setting up one account as a provider:
USE ROLE ACCOUNTADMIN;
CREATE MANAGED ACCOUNT reader_acct1
ADMIN_NAME = user1 , ADMIN_PASSWORD = 'Sdfed43da!44' ,
TYPE = READER;
//create share
CREATE SHARE Articlelibary_share;
GRANT USAGE ON DATABASE Snapshots TO SHARE Articlelibary_share;
GRANT USAGE ON SCHEMA Snapshots.public TO SHARE Articlelibary_share;
GRANT SELECT ON TABLE Snapshots.public.Articlelibary_TEST TO SHARE Articlelibary_share;
However the error I am getting the error in my worksheet that says:
SQL compilation error: Database 'SNAPSHOTS' does not exist or not
authorized.
What I have found is that when I am in the ACCOUNTADMIN role I can see the snapshot table, however, in the SYSADMIN I cannot see the the Snapshots table.
So, how can I fix the Database/Table permissions so that I can add it to the share?
The activities of creating a share and allowing access to other accounts has to be performed only by the ACCOUNTADMIN and that is the reason for the error that you are seeing.
From Documentation it is very clear :
https://docs.snowflake.net/manuals/user-guide/data-sharing-gs.html#getting-started-with-secure-data-sharing
To perform the tasks described in this topic, you must use the ACCOUNTADMIN role.
i googled it and find nothing. Short story, i created a user and granted to a table in my SyBase. but when i try
select * from table1
it didn't work. Error show Permission denied: you don't have permission to select from "table1" and i try add dbname before table name like this and it works :
select * from dbname.table1
i suspect that user default database is something else so i want to set dbname to his default database. Anyone know how to do this?
This has nothing to do with database names (or login policies). Given your comment that "dbname" is actually the user who owns the table, here's what's happening.
When you specify a table name without an owner, the server has to figure out which table you mean. It first looks for a table that you own with that name. If it doesn't find one, it looks for tables owned by any groups that you are a member of. I suspect that one of these groups has a table named "table1" that you do not have permission to select from.
When you specify a table name with an owner, the server knows exactly which table to use. Since you do have permission to select from that table, you get the results you want.
IQ doesn't have default databases/schemas. Instead it uses login policies. Each database has a login policy assigned to it, which can be altered. You can also create custom login policies.
When you create a user account with out specifying a login policy, it automatically gets the root login policy.
For more information, check the following SAP Sybase IQ docs:
Intro to IQ: Managing Users and Groups
System Admin Guide V1: Managing User IDs and Permissions
Using a view or procedure is a useful method. That said, to establish a "default" schema in (IQ 15.x) one would use groups. Essentially, one grants group to the schema owner and makes the individual login accounts (or other groups) members of that group. Note that this only gives the user access to the schema--that is, it eliminates the need to preface the object with the schema/owner name (unless there are object name conflicts only resolvable with explicit schema.object naming). This does not include a grant of permissions. None of the implicit table-owner related privileges will inherit. However, as the schema/owner is now also a group, permissions could be granted at that level.
See: http://infocenter.sybase.com/help/topic/com.sybase.infocenter.dc00170.1540/doc/html/san1288042708174.html (Managing User ID's and permissions). Be warned: this material generally requires some close reading and experimentation before it becomes useful.
As I understand it, this method is complementary to (functionally replaced by) the new role-based model in IQ 16. However, as I am still feeling my through IQ 16, there is probably a great deal more to be said, and I am not ready to comment just yet.