brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-09 05:44:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(snowflake): ajdust commands again

Browse Source
This commit is contained in:
Michele Cereda
2025-07-28 18:29:01 +02:00
parent b6b06bc3e0
commit 5c6ff19e36
2 changed files with 39 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
knowledge base/snowflake/README.md
View File

@@ -274,13 +274,24 @@ Users can only be created by those with (or):
Add users to the account executing a SQL Query by means of Snowflake's web UI found in the `Account` section.
Service users are users with `TYPE=SERVICE`.<br/>
Users have accepted attributes depending on their type. Incompatible properties will be stored, but kept disabled.<br/>
Changing the user type could reenable the now compatible, disabled, properties.
Assess a user's type with the `DESCRIBE USER` command, or by querying the `snowflake.account_usage.users` table.
```sql
-- List users
SHOW USERS;
SHOW USERS LIKE 'BILLY';
SHOW USERS LIKE '%john%';
-- List service users
-- requires running in a warehouse
SELECT LOGIN_NAME FROM snowflake.account_usage.users WHERE TYPE = 'SERVICE';
-- Get information about users
DESC USER zoe;
DESCRIBE USER william;
-- Create users
CREATE USER alice;
@@ -288,11 +299,15 @@ CREATE USER IF NOT EXISTS bob;
CREATE OR REPLACE USER claude
LOGIN_NAME='CLAUDE@EXAMPLE.ORG' DISPLAY_NAME='Claude' EMAIL='claude@example.org'
PASSWORD='somePassword' MUST_CHANGE_PASSWORD=TRUE;
-- Create service users by specifying TYPE = SERVICE
-- Default resources do *not* need to exist beforehand, but *will* be used on login
CREATE USER IF NOT EXISTS some_service TYPE = SERVICE
DEFAULT_ROLE = some_service_role DEFAULT_WAREHOUSE = dev_wh DEFAULT_NAMESPACE = dev_db.dev_schema;
```
Prefer setting a `DEFAULT_WAREHOUSE` and `DEFAULT_ROLE` for users, specially if they use non-Snowflake client tools.
Remember to `GRANT ROLE a=Access` after creating a user.<br/>
Remember to `GRANT ROLE` after creating a user.<br/>
Snowflake does **not** offer access to a user's default role automatically. After a user is created, one **must**
provide that user access to its default role.<br/>
If a user can't access their default role, they won't be able to log in.
@@ -307,6 +322,17 @@ When using SSO:
Setting up a password gives the user the option of selecting what method to use to login. This is required by tools
that do not support logging in via SSO.
Change users to service users:
```sql
ALTER USER my_service_user SET TYPE = SERVICE;
ALTER USER my_service_user UNSET PASSWORD;
ALTER USER my_service_user UNSET FIRST_NAME;
ALTER USER my_service_user UNSET MIDDLE_NAME;
ALTER USER my_service_user UNSET LAST_NAME;
ALTER USER my_service_user SET DISABLE_MFA = TRUE;
```
## Virtual warehouses
Dedicated, independent clusters of compute resources in Snowflake.

12
snippets/snowflake.sql
View File

@@ -157,3 +157,15 @@ ALTER USER data_service_user SET NETWORK_POLICY=allow_all_net_policy;
-- 4. create pat
ALTER USER data_service_user ADD PROGRAMMATIC ACCESS TOKEN data_service_pat
ROLE_RESTRICTION='DATA_SERVICE_ROLE' DAYS_TO_EXPIRY=90 COMMENT='Test PAT';
-- -----------------
-- change users to service users
-- -----------------
ALTER USER my_service_user SET TYPE = SERVICE;
ALTER USER my_service_user UNSET PASSWORD;
ALTER USER my_service_user UNSET FIRST_NAME;
ALTER USER my_service_user UNSET MIDDLE_NAME;
ALTER USER my_service_user UNSET LAST_NAME;
ALTER USER my_service_user SET DISABLE_MFA = TRUE;