Snowflake privileges
| Snowflake privilege | Description |
|---|---|
[APPLY MASKING POLICY]
|
To apply masking policies. Required for the role performing the actions. |
[APPLY ROW ACCESS POLICY]
|
To apply row access policies. Required for the role performing the actions. |
[APPLY TAG]
|
To apply tags. Required for the role performing the actions. |
[IMPORTED PRIVILEGES]
|
To import privileges. Required for the role performing the actions. |
[MANAGE GRANTS]
|
To manage access privileges. Required for the role performing the actions. Note This privilege is used only if the Grant access... checkbox is selected in a data access rule in Protect. If the checkbox is not selected, you do not need to set the |
[USAGE]
|
To manage usage access on databases and schemas involved in the protection. Required on each database and schema where policies are applied to the role performing the actions. |
|
|
To create masking policies. Required on each schema where policies are applied to the role performing the actions. |
[CREATE ROW ACCESS POLICY]
|
To create row access policies. Required on each schema where policies are applied to the role performing the actions. |
[CREATE TAG]
|
To create tags. Required on each schema where policies are applied to the role performing the actions. |
GRANT APPLY MASKING POLICY ON ACCOUNT TO ROLE PROTECT;
GRANT APPLY ROW ACCESS POLICY ON ACCOUNT TO ROLE PROTECT;
GRANT APPLY TAG ON ACCOUNT TO ROLE PROTECT;
GRANT MANAGE GRANTS ON ACCOUNT TO ROLE PROTECT;
GRANT IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE TO ROLE PROTECT;
GRANT USAGE ON DATABASE DEMO TO ROLE PROTECT;
GRANT USAGE ON ALL SCHEMAS IN DATABASE DEMO TO ROLE PROTECT;
GRANT CREATE MASKING POLICY ON ALL SCHEMAS IN DATABASE DEMO TO ROLE PROTECT;
GRANT CREATE ROW ACCESS POLICY ON ALL SCHEMAS IN DATABASE DEMO TO ROLE PROTECT;
GRANT CREATE TAG ON ALL SCHEMAS IN DATABASE DEMO TO ROLE PROTECT