snowflake.GrantPrivilegesToAccountRole

Snowflake v2.13.0, Feb 26 26

Viewing docs for Snowflake v2.13.0
published on Thursday, Feb 26, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-snowflake

Viewing docs for Snowflake v2.13.0
published on Thursday, Feb 26, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-snowflake

Note When using IMPORTED PRIVILEGES privilege, the with_grant_option field is not supported. Additionally, when the IMPORTED PRIVILEGES privilege is not set in the config, and it is granted externally, this change is not detected because of Snowflake limitations. Also, granting individual privileges on imported database is not allowed, this is a Snowflake limitation. Use IMPORTED PRIVILEGES instead.

Note Please, follow the Snowflake documentation for best practices on access control. The provider does not enforce any specific methodology, so it is essential for users to choose the appropriate strategy for seamless privilege management. Additionally, refer to this link for a list of all available privileges in Snowflake.

!> Warning The new strict_privilege_management flag was added. It has similar behavior to the enable_multiple_grants flag present in the old grant resources, and it makes the resource able to detect external changes for privileges other than those present in the configuration, which can make the resource a central point of knowledge privilege management for a given object and role. See our Strict privilege management guide for more information.

Create GrantPrivilegesToAccountRole Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new GrantPrivilegesToAccountRole(name: string, args: GrantPrivilegesToAccountRoleArgs, opts?: CustomResourceOptions);

@overload
def GrantPrivilegesToAccountRole(resource_name: str,
                                 args: GrantPrivilegesToAccountRoleArgs,
                                 opts: Optional[ResourceOptions] = None)

@overload
def GrantPrivilegesToAccountRole(resource_name: str,
                                 opts: Optional[ResourceOptions] = None,
                                 account_role_name: Optional[str] = None,
                                 all_privileges: Optional[bool] = None,
                                 always_apply: Optional[bool] = None,
                                 always_apply_trigger: Optional[str] = None,
                                 on_account: Optional[bool] = None,
                                 on_account_object: Optional[GrantPrivilegesToAccountRoleOnAccountObjectArgs] = None,
                                 on_schema: Optional[GrantPrivilegesToAccountRoleOnSchemaArgs] = None,
                                 on_schema_object: Optional[GrantPrivilegesToAccountRoleOnSchemaObjectArgs] = None,
                                 privileges: Optional[Sequence[str]] = None,
                                 strict_privilege_management: Optional[bool] = None,
                                 with_grant_option: Optional[bool] = None)

func NewGrantPrivilegesToAccountRole(ctx *Context, name string, args GrantPrivilegesToAccountRoleArgs, opts ...ResourceOption) (*GrantPrivilegesToAccountRole, error)

public GrantPrivilegesToAccountRole(string name, GrantPrivilegesToAccountRoleArgs args, CustomResourceOptions? opts = null)

public GrantPrivilegesToAccountRole(String name, GrantPrivilegesToAccountRoleArgs args)
public GrantPrivilegesToAccountRole(String name, GrantPrivilegesToAccountRoleArgs args, CustomResourceOptions options)

type: snowflake:GrantPrivilegesToAccountRole
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args GrantPrivilegesToAccountRoleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args GrantPrivilegesToAccountRoleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args GrantPrivilegesToAccountRoleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args GrantPrivilegesToAccountRoleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args GrantPrivilegesToAccountRoleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var grantPrivilegesToAccountRoleResource = new Snowflake.GrantPrivilegesToAccountRole("grantPrivilegesToAccountRoleResource", new()
{
    AccountRoleName = "string",
    AllPrivileges = false,
    AlwaysApply = false,
    AlwaysApplyTrigger = "string",
    OnAccount = false,
    OnAccountObject = new Snowflake.Inputs.GrantPrivilegesToAccountRoleOnAccountObjectArgs
    {
        ObjectName = "string",
        ObjectType = "string",
    },
    OnSchema = new Snowflake.Inputs.GrantPrivilegesToAccountRoleOnSchemaArgs
    {
        AllSchemasInDatabase = "string",
        FutureSchemasInDatabase = "string",
        SchemaName = "string",
    },
    OnSchemaObject = new Snowflake.Inputs.GrantPrivilegesToAccountRoleOnSchemaObjectArgs
    {
        All = new Snowflake.Inputs.GrantPrivilegesToAccountRoleOnSchemaObjectAllArgs
        {
            ObjectTypePlural = "string",
            InDatabase = "string",
            InSchema = "string",
        },
        Future = new Snowflake.Inputs.GrantPrivilegesToAccountRoleOnSchemaObjectFutureArgs
        {
            ObjectTypePlural = "string",
            InDatabase = "string",
            InSchema = "string",
        },
        ObjectName = "string",
        ObjectType = "string",
    },
    Privileges = new[]
    {
        "string",
    },
    StrictPrivilegeManagement = false,
    WithGrantOption = false,
});

example, err := snowflake.NewGrantPrivilegesToAccountRole(ctx, "grantPrivilegesToAccountRoleResource", &snowflake.GrantPrivilegesToAccountRoleArgs{
	AccountRoleName:    pulumi.String("string"),
	AllPrivileges:      pulumi.Bool(false),
	AlwaysApply:        pulumi.Bool(false),
	AlwaysApplyTrigger: pulumi.String("string"),
	OnAccount:          pulumi.Bool(false),
	OnAccountObject: &snowflake.GrantPrivilegesToAccountRoleOnAccountObjectArgs{
		ObjectName: pulumi.String("string"),
		ObjectType: pulumi.String("string"),
	},
	OnSchema: &snowflake.GrantPrivilegesToAccountRoleOnSchemaArgs{
		AllSchemasInDatabase:    pulumi.String("string"),
		FutureSchemasInDatabase: pulumi.String("string"),
		SchemaName:              pulumi.String("string"),
	},
	OnSchemaObject: &snowflake.GrantPrivilegesToAccountRoleOnSchemaObjectArgs{
		All: &snowflake.GrantPrivilegesToAccountRoleOnSchemaObjectAllArgs{
			ObjectTypePlural: pulumi.String("string"),
			InDatabase:       pulumi.String("string"),
			InSchema:         pulumi.String("string"),
		},
		Future: &snowflake.GrantPrivilegesToAccountRoleOnSchemaObjectFutureArgs{
			ObjectTypePlural: pulumi.String("string"),
			InDatabase:       pulumi.String("string"),
			InSchema:         pulumi.String("string"),
		},
		ObjectName: pulumi.String("string"),
		ObjectType: pulumi.String("string"),
	},
	Privileges: pulumi.StringArray{
		pulumi.String("string"),
	},
	StrictPrivilegeManagement: pulumi.Bool(false),
	WithGrantOption:           pulumi.Bool(false),
})

var grantPrivilegesToAccountRoleResource = new GrantPrivilegesToAccountRole("grantPrivilegesToAccountRoleResource", GrantPrivilegesToAccountRoleArgs.builder()
    .accountRoleName("string")
    .allPrivileges(false)
    .alwaysApply(false)
    .alwaysApplyTrigger("string")
    .onAccount(false)
    .onAccountObject(GrantPrivilegesToAccountRoleOnAccountObjectArgs.builder()
        .objectName("string")
        .objectType("string")
        .build())
    .onSchema(GrantPrivilegesToAccountRoleOnSchemaArgs.builder()
        .allSchemasInDatabase("string")
        .futureSchemasInDatabase("string")
        .schemaName("string")
        .build())
    .onSchemaObject(GrantPrivilegesToAccountRoleOnSchemaObjectArgs.builder()
        .all(GrantPrivilegesToAccountRoleOnSchemaObjectAllArgs.builder()
            .objectTypePlural("string")
            .inDatabase("string")
            .inSchema("string")
            .build())
        .future(GrantPrivilegesToAccountRoleOnSchemaObjectFutureArgs.builder()
            .objectTypePlural("string")
            .inDatabase("string")
            .inSchema("string")
            .build())
        .objectName("string")
        .objectType("string")
        .build())
    .privileges("string")
    .strictPrivilegeManagement(false)
    .withGrantOption(false)
    .build());

grant_privileges_to_account_role_resource = snowflake.GrantPrivilegesToAccountRole("grantPrivilegesToAccountRoleResource",
    account_role_name="string",
    all_privileges=False,
    always_apply=False,
    always_apply_trigger="string",
    on_account=False,
    on_account_object={
        "object_name": "string",
        "object_type": "string",
    },
    on_schema={
        "all_schemas_in_database": "string",
        "future_schemas_in_database": "string",
        "schema_name": "string",
    },
    on_schema_object={
        "all": {
            "object_type_plural": "string",
            "in_database": "string",
            "in_schema": "string",
        },
        "future": {
            "object_type_plural": "string",
            "in_database": "string",
            "in_schema": "string",
        },
        "object_name": "string",
        "object_type": "string",
    },
    privileges=["string"],
    strict_privilege_management=False,
    with_grant_option=False)

const grantPrivilegesToAccountRoleResource = new snowflake.GrantPrivilegesToAccountRole("grantPrivilegesToAccountRoleResource", {
    accountRoleName: "string",
    allPrivileges: false,
    alwaysApply: false,
    alwaysApplyTrigger: "string",
    onAccount: false,
    onAccountObject: {
        objectName: "string",
        objectType: "string",
    },
    onSchema: {
        allSchemasInDatabase: "string",
        futureSchemasInDatabase: "string",
        schemaName: "string",
    },
    onSchemaObject: {
        all: {
            objectTypePlural: "string",
            inDatabase: "string",
            inSchema: "string",
        },
        future: {
            objectTypePlural: "string",
            inDatabase: "string",
            inSchema: "string",
        },
        objectName: "string",
        objectType: "string",
    },
    privileges: ["string"],
    strictPrivilegeManagement: false,
    withGrantOption: false,
});

type: snowflake:GrantPrivilegesToAccountRole
properties:
    accountRoleName: string
    allPrivileges: false
    alwaysApply: false
    alwaysApplyTrigger: string
    onAccount: false
    onAccountObject:
        objectName: string
        objectType: string
    onSchema:
        allSchemasInDatabase: string
        futureSchemasInDatabase: string
        schemaName: string
    onSchemaObject:
        all:
            inDatabase: string
            inSchema: string
            objectTypePlural: string
        future:
            inDatabase: string
            inSchema: string
            objectTypePlural: string
        objectName: string
        objectType: string
    privileges:
        - string
    strictPrivilegeManagement: false
    withGrantOption: false

GrantPrivilegesToAccountRole Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The GrantPrivilegesToAccountRole resource accepts the following input properties:

AccountRoleName string: The fully qualified name of the account role to which privileges will be granted. For more information about this resource, see docs.
AllPrivileges bool: (Default: false) Grant all privileges on the account role. When all privileges cannot be granted, the provider returns a warning, which is aligned with the Snowsight behavior.
AlwaysApply bool: (Default: false) If true, the resource will always produce a “plan” and on “apply” it will re-grant defined privileges. It is supposed to be used only in “grant privileges on all X’s in database / schema Y” or “grant all privileges to X” scenarios to make sure that every new object in a given database / schema is granted by the account role and every new privilege is granted to the database role. Important note: this flag is not compliant with the Terraform assumptions of the config being eventually convergent (producing an empty plan).
AlwaysApplyTrigger string: (Default: ``) This is a helper field and should not be set. Its main purpose is to help to achieve the functionality described by the always_apply field.
OnAccount bool: (Default: false) If true, the privileges will be granted on the account.
OnAccountObject GrantPrivilegesToAccountRoleOnAccountObject: Specifies the account object on which privileges will be granted
OnSchema GrantPrivilegesToAccountRoleOnSchema: Specifies the schema on which privileges will be granted.
OnSchemaObject GrantPrivilegesToAccountRoleOnSchemaObject: Specifies the schema object on which privileges will be granted.
Privileges List<string>: The privileges to grant on the account role. This field is case-sensitive; use only upper-case privileges.
StrictPrivilegeManagement bool: (Default: false) If true, the resource will revoke all privileges that are not explicitly defined in the config making it a central source of truth for the privileges granted on an object to an account role. If false, the resource will be only concerned with the privileges that are explicitly defined in the config. The potential privilege removals will be planned only after second pulumi up run, after setting the flag in resource configuration. This means, the flag update doesn't revoke immediately any externally granted privileges. This is a Terraform limitation, and two steps are needed to properly show the potential privilege changes (e.g., revoking privileges not specified in the configuration) in the plan. External privileges will be detected regardless of their grant option. The parameter can be only used when GRANTS_STRICT_PRIVILEGE_MANAGEMENT option is specified in provider block in the experimental_features_enabled field. Regular and future grants are treated separately, meaning, more resources need to be defined to control regular and future grants for a given object and role (and for a given database or schema they're defined in for future grants). See our Strict privilege management guide for more information.
WithGrantOption bool: (Default: false) Specifies whether the grantee can grant the privileges to other users.

AccountRoleName string: The fully qualified name of the account role to which privileges will be granted. For more information about this resource, see docs.
AllPrivileges bool: (Default: false) Grant all privileges on the account role. When all privileges cannot be granted, the provider returns a warning, which is aligned with the Snowsight behavior.
AlwaysApply bool: (Default: false) If true, the resource will always produce a “plan” and on “apply” it will re-grant defined privileges. It is supposed to be used only in “grant privileges on all X’s in database / schema Y” or “grant all privileges to X” scenarios to make sure that every new object in a given database / schema is granted by the account role and every new privilege is granted to the database role. Important note: this flag is not compliant with the Terraform assumptions of the config being eventually convergent (producing an empty plan).
AlwaysApplyTrigger string: (Default: ``) This is a helper field and should not be set. Its main purpose is to help to achieve the functionality described by the always_apply field.
OnAccount bool: (Default: false) If true, the privileges will be granted on the account.
OnAccountObject GrantPrivilegesToAccountRoleOnAccountObjectArgs: Specifies the account object on which privileges will be granted
OnSchema GrantPrivilegesToAccountRoleOnSchemaArgs: Specifies the schema on which privileges will be granted.
OnSchemaObject GrantPrivilegesToAccountRoleOnSchemaObjectArgs: Specifies the schema object on which privileges will be granted.
Privileges []string: The privileges to grant on the account role. This field is case-sensitive; use only upper-case privileges.
StrictPrivilegeManagement bool: (Default: false) If true, the resource will revoke all privileges that are not explicitly defined in the config making it a central source of truth for the privileges granted on an object to an account role. If false, the resource will be only concerned with the privileges that are explicitly defined in the config. The potential privilege removals will be planned only after second pulumi up run, after setting the flag in resource configuration. This means, the flag update doesn't revoke immediately any externally granted privileges. This is a Terraform limitation, and two steps are needed to properly show the potential privilege changes (e.g., revoking privileges not specified in the configuration) in the plan. External privileges will be detected regardless of their grant option. The parameter can be only used when GRANTS_STRICT_PRIVILEGE_MANAGEMENT option is specified in provider block in the experimental_features_enabled field. Regular and future grants are treated separately, meaning, more resources need to be defined to control regular and future grants for a given object and role (and for a given database or schema they're defined in for future grants). See our Strict privilege management guide for more information.
WithGrantOption bool: (Default: false) Specifies whether the grantee can grant the privileges to other users.

accountRoleName String: The fully qualified name of the account role to which privileges will be granted. For more information about this resource, see docs.
allPrivileges Boolean: (Default: false) Grant all privileges on the account role. When all privileges cannot be granted, the provider returns a warning, which is aligned with the Snowsight behavior.
alwaysApply Boolean: (Default: false) If true, the resource will always produce a “plan” and on “apply” it will re-grant defined privileges. It is supposed to be used only in “grant privileges on all X’s in database / schema Y” or “grant all privileges to X” scenarios to make sure that every new object in a given database / schema is granted by the account role and every new privilege is granted to the database role. Important note: this flag is not compliant with the Terraform assumptions of the config being eventually convergent (producing an empty plan).
alwaysApplyTrigger String: (Default: ``) This is a helper field and should not be set. Its main purpose is to help to achieve the functionality described by the always_apply field.
onAccount Boolean: (Default: false) If true, the privileges will be granted on the account.
onAccountObject GrantPrivilegesToAccountRoleOnAccountObject: Specifies the account object on which privileges will be granted
onSchema GrantPrivilegesToAccountRoleOnSchema: Specifies the schema on which privileges will be granted.
onSchemaObject GrantPrivilegesToAccountRoleOnSchemaObject: Specifies the schema object on which privileges will be granted.
privileges List<String>: The privileges to grant on the account role. This field is case-sensitive; use only upper-case privileges.
strictPrivilegeManagement Boolean: (Default: false) If true, the resource will revoke all privileges that are not explicitly defined in the config making it a central source of truth for the privileges granted on an object to an account role. If false, the resource will be only concerned with the privileges that are explicitly defined in the config. The potential privilege removals will be planned only after second pulumi up run, after setting the flag in resource configuration. This means, the flag update doesn't revoke immediately any externally granted privileges. This is a Terraform limitation, and two steps are needed to properly show the potential privilege changes (e.g., revoking privileges not specified in the configuration) in the plan. External privileges will be detected regardless of their grant option. The parameter can be only used when GRANTS_STRICT_PRIVILEGE_MANAGEMENT option is specified in provider block in the experimental_features_enabled field. Regular and future grants are treated separately, meaning, more resources need to be defined to control regular and future grants for a given object and role (and for a given database or schema they're defined in for future grants). See our Strict privilege management guide for more information.
withGrantOption Boolean: (Default: false) Specifies whether the grantee can grant the privileges to other users.

accountRoleName string: The fully qualified name of the account role to which privileges will be granted. For more information about this resource, see docs.
allPrivileges boolean: (Default: false) Grant all privileges on the account role. When all privileges cannot be granted, the provider returns a warning, which is aligned with the Snowsight behavior.
alwaysApply boolean: (Default: false) If true, the resource will always produce a “plan” and on “apply” it will re-grant defined privileges. It is supposed to be used only in “grant privileges on all X’s in database / schema Y” or “grant all privileges to X” scenarios to make sure that every new object in a given database / schema is granted by the account role and every new privilege is granted to the database role. Important note: this flag is not compliant with the Terraform assumptions of the config being eventually convergent (producing an empty plan).
alwaysApplyTrigger string: (Default: ``) This is a helper field and should not be set. Its main purpose is to help to achieve the functionality described by the always_apply field.
onAccount boolean: (Default: false) If true, the privileges will be granted on the account.
onAccountObject GrantPrivilegesToAccountRoleOnAccountObject: Specifies the account object on which privileges will be granted
onSchema GrantPrivilegesToAccountRoleOnSchema: Specifies the schema on which privileges will be granted.
onSchemaObject GrantPrivilegesToAccountRoleOnSchemaObject: Specifies the schema object on which privileges will be granted.
privileges string[]: The privileges to grant on the account role. This field is case-sensitive; use only upper-case privileges.
strictPrivilegeManagement boolean: (Default: false) If true, the resource will revoke all privileges that are not explicitly defined in the config making it a central source of truth for the privileges granted on an object to an account role. If false, the resource will be only concerned with the privileges that are explicitly defined in the config. The potential privilege removals will be planned only after second pulumi up run, after setting the flag in resource configuration. This means, the flag update doesn't revoke immediately any externally granted privileges. This is a Terraform limitation, and two steps are needed to properly show the potential privilege changes (e.g., revoking privileges not specified in the configuration) in the plan. External privileges will be detected regardless of their grant option. The parameter can be only used when GRANTS_STRICT_PRIVILEGE_MANAGEMENT option is specified in provider block in the experimental_features_enabled field. Regular and future grants are treated separately, meaning, more resources need to be defined to control regular and future grants for a given object and role (and for a given database or schema they're defined in for future grants). See our Strict privilege management guide for more information.
withGrantOption boolean: (Default: false) Specifies whether the grantee can grant the privileges to other users.

account_role_name str: The fully qualified name of the account role to which privileges will be granted. For more information about this resource, see docs.
all_privileges bool: (Default: false) Grant all privileges on the account role. When all privileges cannot be granted, the provider returns a warning, which is aligned with the Snowsight behavior.
always_apply bool: (Default: false) If true, the resource will always produce a “plan” and on “apply” it will re-grant defined privileges. It is supposed to be used only in “grant privileges on all X’s in database / schema Y” or “grant all privileges to X” scenarios to make sure that every new object in a given database / schema is granted by the account role and every new privilege is granted to the database role. Important note: this flag is not compliant with the Terraform assumptions of the config being eventually convergent (producing an empty plan).
always_apply_trigger str: (Default: ``) This is a helper field and should not be set. Its main purpose is to help to achieve the functionality described by the always_apply field.
on_account bool: (Default: false) If true, the privileges will be granted on the account.
on_account_object GrantPrivilegesToAccountRoleOnAccountObjectArgs: Specifies the account object on which privileges will be granted
on_schema GrantPrivilegesToAccountRoleOnSchemaArgs: Specifies the schema on which privileges will be granted.
on_schema_object GrantPrivilegesToAccountRoleOnSchemaObjectArgs: Specifies the schema object on which privileges will be granted.
privileges Sequence[str]: The privileges to grant on the account role. This field is case-sensitive; use only upper-case privileges.
strict_privilege_management bool: (Default: false) If true, the resource will revoke all privileges that are not explicitly defined in the config making it a central source of truth for the privileges granted on an object to an account role. If false, the resource will be only concerned with the privileges that are explicitly defined in the config. The potential privilege removals will be planned only after second pulumi up run, after setting the flag in resource configuration. This means, the flag update doesn't revoke immediately any externally granted privileges. This is a Terraform limitation, and two steps are needed to properly show the potential privilege changes (e.g., revoking privileges not specified in the configuration) in the plan. External privileges will be detected regardless of their grant option. The parameter can be only used when GRANTS_STRICT_PRIVILEGE_MANAGEMENT option is specified in provider block in the experimental_features_enabled field. Regular and future grants are treated separately, meaning, more resources need to be defined to control regular and future grants for a given object and role (and for a given database or schema they're defined in for future grants). See our Strict privilege management guide for more information.
with_grant_option bool: (Default: false) Specifies whether the grantee can grant the privileges to other users.

accountRoleName String: The fully qualified name of the account role to which privileges will be granted. For more information about this resource, see docs.
allPrivileges Boolean: (Default: false) Grant all privileges on the account role. When all privileges cannot be granted, the provider returns a warning, which is aligned with the Snowsight behavior.
alwaysApply Boolean: (Default: false) If true, the resource will always produce a “plan” and on “apply” it will re-grant defined privileges. It is supposed to be used only in “grant privileges on all X’s in database / schema Y” or “grant all privileges to X” scenarios to make sure that every new object in a given database / schema is granted by the account role and every new privilege is granted to the database role. Important note: this flag is not compliant with the Terraform assumptions of the config being eventually convergent (producing an empty plan).
alwaysApplyTrigger String: (Default: ``) This is a helper field and should not be set. Its main purpose is to help to achieve the functionality described by the always_apply field.
onAccount Boolean: (Default: false) If true, the privileges will be granted on the account.
onAccountObject Property Map: Specifies the account object on which privileges will be granted
onSchema Property Map: Specifies the schema on which privileges will be granted.
onSchemaObject Property Map: Specifies the schema object on which privileges will be granted.
privileges List<String>: The privileges to grant on the account role. This field is case-sensitive; use only upper-case privileges.
strictPrivilegeManagement Boolean: (Default: false) If true, the resource will revoke all privileges that are not explicitly defined in the config making it a central source of truth for the privileges granted on an object to an account role. If false, the resource will be only concerned with the privileges that are explicitly defined in the config. The potential privilege removals will be planned only after second pulumi up run, after setting the flag in resource configuration. This means, the flag update doesn't revoke immediately any externally granted privileges. This is a Terraform limitation, and two steps are needed to properly show the potential privilege changes (e.g., revoking privileges not specified in the configuration) in the plan. External privileges will be detected regardless of their grant option. The parameter can be only used when GRANTS_STRICT_PRIVILEGE_MANAGEMENT option is specified in provider block in the experimental_features_enabled field. Regular and future grants are treated separately, meaning, more resources need to be defined to control regular and future grants for a given object and role (and for a given database or schema they're defined in for future grants). See our Strict privilege management guide for more information.
withGrantOption Boolean: (Default: false) Specifies whether the grantee can grant the privileges to other users.

Outputs

All input properties are implicitly available as output properties. Additionally, the GrantPrivilegesToAccountRole resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing GrantPrivilegesToAccountRole Resource

Get an existing GrantPrivilegesToAccountRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: GrantPrivilegesToAccountRoleState, opts?: CustomResourceOptions): GrantPrivilegesToAccountRole

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_role_name: Optional[str] = None,
        all_privileges: Optional[bool] = None,
        always_apply: Optional[bool] = None,
        always_apply_trigger: Optional[str] = None,
        on_account: Optional[bool] = None,
        on_account_object: Optional[GrantPrivilegesToAccountRoleOnAccountObjectArgs] = None,
        on_schema: Optional[GrantPrivilegesToAccountRoleOnSchemaArgs] = None,
        on_schema_object: Optional[GrantPrivilegesToAccountRoleOnSchemaObjectArgs] = None,
        privileges: Optional[Sequence[str]] = None,
        strict_privilege_management: Optional[bool] = None,
        with_grant_option: Optional[bool] = None) -> GrantPrivilegesToAccountRole

func GetGrantPrivilegesToAccountRole(ctx *Context, name string, id IDInput, state *GrantPrivilegesToAccountRoleState, opts ...ResourceOption) (*GrantPrivilegesToAccountRole, error)

public static GrantPrivilegesToAccountRole Get(string name, Input<string> id, GrantPrivilegesToAccountRoleState? state, CustomResourceOptions? opts = null)

public static GrantPrivilegesToAccountRole get(String name, Output<String> id, GrantPrivilegesToAccountRoleState state, CustomResourceOptions options)

resources:  _:    type: snowflake:GrantPrivilegesToAccountRole    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccountRoleName string: The fully qualified name of the account role to which privileges will be granted. For more information about this resource, see docs.
AllPrivileges bool: (Default: false) Grant all privileges on the account role. When all privileges cannot be granted, the provider returns a warning, which is aligned with the Snowsight behavior.
AlwaysApply bool: (Default: false) If true, the resource will always produce a “plan” and on “apply” it will re-grant defined privileges. It is supposed to be used only in “grant privileges on all X’s in database / schema Y” or “grant all privileges to X” scenarios to make sure that every new object in a given database / schema is granted by the account role and every new privilege is granted to the database role. Important note: this flag is not compliant with the Terraform assumptions of the config being eventually convergent (producing an empty plan).
AlwaysApplyTrigger string: (Default: ``) This is a helper field and should not be set. Its main purpose is to help to achieve the functionality described by the always_apply field.
OnAccount bool: (Default: false) If true, the privileges will be granted on the account.
OnAccountObject GrantPrivilegesToAccountRoleOnAccountObject: Specifies the account object on which privileges will be granted
OnSchema GrantPrivilegesToAccountRoleOnSchema: Specifies the schema on which privileges will be granted.
OnSchemaObject GrantPrivilegesToAccountRoleOnSchemaObject: Specifies the schema object on which privileges will be granted.
Privileges List<string>: The privileges to grant on the account role. This field is case-sensitive; use only upper-case privileges.
StrictPrivilegeManagement bool: (Default: false) If true, the resource will revoke all privileges that are not explicitly defined in the config making it a central source of truth for the privileges granted on an object to an account role. If false, the resource will be only concerned with the privileges that are explicitly defined in the config. The potential privilege removals will be planned only after second pulumi up run, after setting the flag in resource configuration. This means, the flag update doesn't revoke immediately any externally granted privileges. This is a Terraform limitation, and two steps are needed to properly show the potential privilege changes (e.g., revoking privileges not specified in the configuration) in the plan. External privileges will be detected regardless of their grant option. The parameter can be only used when GRANTS_STRICT_PRIVILEGE_MANAGEMENT option is specified in provider block in the experimental_features_enabled field. Regular and future grants are treated separately, meaning, more resources need to be defined to control regular and future grants for a given object and role (and for a given database or schema they're defined in for future grants). See our Strict privilege management guide for more information.
WithGrantOption bool: (Default: false) Specifies whether the grantee can grant the privileges to other users.

AccountRoleName string: The fully qualified name of the account role to which privileges will be granted. For more information about this resource, see docs.
AllPrivileges bool: (Default: false) Grant all privileges on the account role. When all privileges cannot be granted, the provider returns a warning, which is aligned with the Snowsight behavior.
AlwaysApply bool: (Default: false) If true, the resource will always produce a “plan” and on “apply” it will re-grant defined privileges. It is supposed to be used only in “grant privileges on all X’s in database / schema Y” or “grant all privileges to X” scenarios to make sure that every new object in a given database / schema is granted by the account role and every new privilege is granted to the database role. Important note: this flag is not compliant with the Terraform assumptions of the config being eventually convergent (producing an empty plan).
AlwaysApplyTrigger string: (Default: ``) This is a helper field and should not be set. Its main purpose is to help to achieve the functionality described by the always_apply field.
OnAccount bool: (Default: false) If true, the privileges will be granted on the account.
OnAccountObject GrantPrivilegesToAccountRoleOnAccountObjectArgs: Specifies the account object on which privileges will be granted
OnSchema GrantPrivilegesToAccountRoleOnSchemaArgs: Specifies the schema on which privileges will be granted.
OnSchemaObject GrantPrivilegesToAccountRoleOnSchemaObjectArgs: Specifies the schema object on which privileges will be granted.
Privileges []string: The privileges to grant on the account role. This field is case-sensitive; use only upper-case privileges.
StrictPrivilegeManagement bool: (Default: false) If true, the resource will revoke all privileges that are not explicitly defined in the config making it a central source of truth for the privileges granted on an object to an account role. If false, the resource will be only concerned with the privileges that are explicitly defined in the config. The potential privilege removals will be planned only after second pulumi up run, after setting the flag in resource configuration. This means, the flag update doesn't revoke immediately any externally granted privileges. This is a Terraform limitation, and two steps are needed to properly show the potential privilege changes (e.g., revoking privileges not specified in the configuration) in the plan. External privileges will be detected regardless of their grant option. The parameter can be only used when GRANTS_STRICT_PRIVILEGE_MANAGEMENT option is specified in provider block in the experimental_features_enabled field. Regular and future grants are treated separately, meaning, more resources need to be defined to control regular and future grants for a given object and role (and for a given database or schema they're defined in for future grants). See our Strict privilege management guide for more information.
WithGrantOption bool: (Default: false) Specifies whether the grantee can grant the privileges to other users.

accountRoleName String: The fully qualified name of the account role to which privileges will be granted. For more information about this resource, see docs.
allPrivileges Boolean: (Default: false) Grant all privileges on the account role. When all privileges cannot be granted, the provider returns a warning, which is aligned with the Snowsight behavior.
alwaysApply Boolean: (Default: false) If true, the resource will always produce a “plan” and on “apply” it will re-grant defined privileges. It is supposed to be used only in “grant privileges on all X’s in database / schema Y” or “grant all privileges to X” scenarios to make sure that every new object in a given database / schema is granted by the account role and every new privilege is granted to the database role. Important note: this flag is not compliant with the Terraform assumptions of the config being eventually convergent (producing an empty plan).
alwaysApplyTrigger String: (Default: ``) This is a helper field and should not be set. Its main purpose is to help to achieve the functionality described by the always_apply field.
onAccount Boolean: (Default: false) If true, the privileges will be granted on the account.
onAccountObject GrantPrivilegesToAccountRoleOnAccountObject: Specifies the account object on which privileges will be granted
onSchema GrantPrivilegesToAccountRoleOnSchema: Specifies the schema on which privileges will be granted.
onSchemaObject GrantPrivilegesToAccountRoleOnSchemaObject: Specifies the schema object on which privileges will be granted.
privileges List<String>: The privileges to grant on the account role. This field is case-sensitive; use only upper-case privileges.
strictPrivilegeManagement Boolean: (Default: false) If true, the resource will revoke all privileges that are not explicitly defined in the config making it a central source of truth for the privileges granted on an object to an account role. If false, the resource will be only concerned with the privileges that are explicitly defined in the config. The potential privilege removals will be planned only after second pulumi up run, after setting the flag in resource configuration. This means, the flag update doesn't revoke immediately any externally granted privileges. This is a Terraform limitation, and two steps are needed to properly show the potential privilege changes (e.g., revoking privileges not specified in the configuration) in the plan. External privileges will be detected regardless of their grant option. The parameter can be only used when GRANTS_STRICT_PRIVILEGE_MANAGEMENT option is specified in provider block in the experimental_features_enabled field. Regular and future grants are treated separately, meaning, more resources need to be defined to control regular and future grants for a given object and role (and for a given database or schema they're defined in for future grants). See our Strict privilege management guide for more information.
withGrantOption Boolean: (Default: false) Specifies whether the grantee can grant the privileges to other users.

accountRoleName string: The fully qualified name of the account role to which privileges will be granted. For more information about this resource, see docs.
allPrivileges boolean: (Default: false) Grant all privileges on the account role. When all privileges cannot be granted, the provider returns a warning, which is aligned with the Snowsight behavior.
alwaysApply boolean: (Default: false) If true, the resource will always produce a “plan” and on “apply” it will re-grant defined privileges. It is supposed to be used only in “grant privileges on all X’s in database / schema Y” or “grant all privileges to X” scenarios to make sure that every new object in a given database / schema is granted by the account role and every new privilege is granted to the database role. Important note: this flag is not compliant with the Terraform assumptions of the config being eventually convergent (producing an empty plan).
alwaysApplyTrigger string: (Default: ``) This is a helper field and should not be set. Its main purpose is to help to achieve the functionality described by the always_apply field.
onAccount boolean: (Default: false) If true, the privileges will be granted on the account.
onAccountObject GrantPrivilegesToAccountRoleOnAccountObject: Specifies the account object on which privileges will be granted
onSchema GrantPrivilegesToAccountRoleOnSchema: Specifies the schema on which privileges will be granted.
onSchemaObject GrantPrivilegesToAccountRoleOnSchemaObject: Specifies the schema object on which privileges will be granted.
privileges string[]: The privileges to grant on the account role. This field is case-sensitive; use only upper-case privileges.
strictPrivilegeManagement boolean: (Default: false) If true, the resource will revoke all privileges that are not explicitly defined in the config making it a central source of truth for the privileges granted on an object to an account role. If false, the resource will be only concerned with the privileges that are explicitly defined in the config. The potential privilege removals will be planned only after second pulumi up run, after setting the flag in resource configuration. This means, the flag update doesn't revoke immediately any externally granted privileges. This is a Terraform limitation, and two steps are needed to properly show the potential privilege changes (e.g., revoking privileges not specified in the configuration) in the plan. External privileges will be detected regardless of their grant option. The parameter can be only used when GRANTS_STRICT_PRIVILEGE_MANAGEMENT option is specified in provider block in the experimental_features_enabled field. Regular and future grants are treated separately, meaning, more resources need to be defined to control regular and future grants for a given object and role (and for a given database or schema they're defined in for future grants). See our Strict privilege management guide for more information.
withGrantOption boolean: (Default: false) Specifies whether the grantee can grant the privileges to other users.

account_role_name str: The fully qualified name of the account role to which privileges will be granted. For more information about this resource, see docs.
all_privileges bool: (Default: false) Grant all privileges on the account role. When all privileges cannot be granted, the provider returns a warning, which is aligned with the Snowsight behavior.
always_apply bool: (Default: false) If true, the resource will always produce a “plan” and on “apply” it will re-grant defined privileges. It is supposed to be used only in “grant privileges on all X’s in database / schema Y” or “grant all privileges to X” scenarios to make sure that every new object in a given database / schema is granted by the account role and every new privilege is granted to the database role. Important note: this flag is not compliant with the Terraform assumptions of the config being eventually convergent (producing an empty plan).
always_apply_trigger str: (Default: ``) This is a helper field and should not be set. Its main purpose is to help to achieve the functionality described by the always_apply field.
on_account bool: (Default: false) If true, the privileges will be granted on the account.
on_account_object GrantPrivilegesToAccountRoleOnAccountObjectArgs: Specifies the account object on which privileges will be granted
on_schema GrantPrivilegesToAccountRoleOnSchemaArgs: Specifies the schema on which privileges will be granted.
on_schema_object GrantPrivilegesToAccountRoleOnSchemaObjectArgs: Specifies the schema object on which privileges will be granted.
privileges Sequence[str]: The privileges to grant on the account role. This field is case-sensitive; use only upper-case privileges.
strict_privilege_management bool: (Default: false) If true, the resource will revoke all privileges that are not explicitly defined in the config making it a central source of truth for the privileges granted on an object to an account role. If false, the resource will be only concerned with the privileges that are explicitly defined in the config. The potential privilege removals will be planned only after second pulumi up run, after setting the flag in resource configuration. This means, the flag update doesn't revoke immediately any externally granted privileges. This is a Terraform limitation, and two steps are needed to properly show the potential privilege changes (e.g., revoking privileges not specified in the configuration) in the plan. External privileges will be detected regardless of their grant option. The parameter can be only used when GRANTS_STRICT_PRIVILEGE_MANAGEMENT option is specified in provider block in the experimental_features_enabled field. Regular and future grants are treated separately, meaning, more resources need to be defined to control regular and future grants for a given object and role (and for a given database or schema they're defined in for future grants). See our Strict privilege management guide for more information.
with_grant_option bool: (Default: false) Specifies whether the grantee can grant the privileges to other users.

accountRoleName String: The fully qualified name of the account role to which privileges will be granted. For more information about this resource, see docs.
allPrivileges Boolean: (Default: false) Grant all privileges on the account role. When all privileges cannot be granted, the provider returns a warning, which is aligned with the Snowsight behavior.
alwaysApply Boolean: (Default: false) If true, the resource will always produce a “plan” and on “apply” it will re-grant defined privileges. It is supposed to be used only in “grant privileges on all X’s in database / schema Y” or “grant all privileges to X” scenarios to make sure that every new object in a given database / schema is granted by the account role and every new privilege is granted to the database role. Important note: this flag is not compliant with the Terraform assumptions of the config being eventually convergent (producing an empty plan).
alwaysApplyTrigger String: (Default: ``) This is a helper field and should not be set. Its main purpose is to help to achieve the functionality described by the always_apply field.
onAccount Boolean: (Default: false) If true, the privileges will be granted on the account.
onAccountObject Property Map: Specifies the account object on which privileges will be granted
onSchema Property Map: Specifies the schema on which privileges will be granted.
onSchemaObject Property Map: Specifies the schema object on which privileges will be granted.
privileges List<String>: The privileges to grant on the account role. This field is case-sensitive; use only upper-case privileges.
strictPrivilegeManagement Boolean: (Default: false) If true, the resource will revoke all privileges that are not explicitly defined in the config making it a central source of truth for the privileges granted on an object to an account role. If false, the resource will be only concerned with the privileges that are explicitly defined in the config. The potential privilege removals will be planned only after second pulumi up run, after setting the flag in resource configuration. This means, the flag update doesn't revoke immediately any externally granted privileges. This is a Terraform limitation, and two steps are needed to properly show the potential privilege changes (e.g., revoking privileges not specified in the configuration) in the plan. External privileges will be detected regardless of their grant option. The parameter can be only used when GRANTS_STRICT_PRIVILEGE_MANAGEMENT option is specified in provider block in the experimental_features_enabled field. Regular and future grants are treated separately, meaning, more resources need to be defined to control regular and future grants for a given object and role (and for a given database or schema they're defined in for future grants). See our Strict privilege management guide for more information.
withGrantOption Boolean: (Default: false) Specifies whether the grantee can grant the privileges to other users.

Supporting Types

GrantPrivilegesToAccountRoleOnAccountObject, GrantPrivilegesToAccountRoleOnAccountObjectArgs

ObjectName string: The fully qualified name of the object on which privileges will be granted.
ObjectType string: The object type of the account object on which privileges will be granted. Valid values are: USER | RESOURCE MONITOR | WAREHOUSE | COMPUTE POOL | DATABASE | INTEGRATION | CONNECTION | FAILOVER GROUP | REPLICATION GROUP | EXTERNAL VOLUME

ObjectName string: The fully qualified name of the object on which privileges will be granted.
ObjectType string: The object type of the account object on which privileges will be granted. Valid values are: USER | RESOURCE MONITOR | WAREHOUSE | COMPUTE POOL | DATABASE | INTEGRATION | CONNECTION | FAILOVER GROUP | REPLICATION GROUP | EXTERNAL VOLUME

objectName String: The fully qualified name of the object on which privileges will be granted.
objectType String: The object type of the account object on which privileges will be granted. Valid values are: USER | RESOURCE MONITOR | WAREHOUSE | COMPUTE POOL | DATABASE | INTEGRATION | CONNECTION | FAILOVER GROUP | REPLICATION GROUP | EXTERNAL VOLUME

objectName string: The fully qualified name of the object on which privileges will be granted.
objectType string: The object type of the account object on which privileges will be granted. Valid values are: USER | RESOURCE MONITOR | WAREHOUSE | COMPUTE POOL | DATABASE | INTEGRATION | CONNECTION | FAILOVER GROUP | REPLICATION GROUP | EXTERNAL VOLUME

object_name str: The fully qualified name of the object on which privileges will be granted.
object_type str: The object type of the account object on which privileges will be granted. Valid values are: USER | RESOURCE MONITOR | WAREHOUSE | COMPUTE POOL | DATABASE | INTEGRATION | CONNECTION | FAILOVER GROUP | REPLICATION GROUP | EXTERNAL VOLUME

objectName String: The fully qualified name of the object on which privileges will be granted.
objectType String: The object type of the account object on which privileges will be granted. Valid values are: USER | RESOURCE MONITOR | WAREHOUSE | COMPUTE POOL | DATABASE | INTEGRATION | CONNECTION | FAILOVER GROUP | REPLICATION GROUP | EXTERNAL VOLUME

GrantPrivilegesToAccountRoleOnSchema, GrantPrivilegesToAccountRoleOnSchemaArgs

AllSchemasInDatabase string: The fully qualified name of the database.
FutureSchemasInDatabase string: The fully qualified name of the database.
SchemaName string: The fully qualified name of the schema.

AllSchemasInDatabase string: The fully qualified name of the database.
FutureSchemasInDatabase string: The fully qualified name of the database.
SchemaName string: The fully qualified name of the schema.

allSchemasInDatabase String: The fully qualified name of the database.
futureSchemasInDatabase String: The fully qualified name of the database.
schemaName String: The fully qualified name of the schema.

allSchemasInDatabase string: The fully qualified name of the database.
futureSchemasInDatabase string: The fully qualified name of the database.
schemaName string: The fully qualified name of the schema.

all_schemas_in_database str: The fully qualified name of the database.
future_schemas_in_database str: The fully qualified name of the database.
schema_name str: The fully qualified name of the schema.

allSchemasInDatabase String: The fully qualified name of the database.
futureSchemasInDatabase String: The fully qualified name of the database.
schemaName String: The fully qualified name of the schema.

GrantPrivilegesToAccountRoleOnSchemaObject, GrantPrivilegesToAccountRoleOnSchemaObjectArgs

All GrantPrivilegesToAccountRoleOnSchemaObjectAll: Configures the privilege to be granted on all objects in either a database or schema.
Future GrantPrivilegesToAccountRoleOnSchemaObjectFuture: Configures the privilege to be granted on future objects in either a database or schema.
ObjectName string: The fully qualified name of the object on which privileges will be granted.
ObjectType string: The object type of the schema object on which privileges will be granted. Valid values are: AGENT | AGGREGATION POLICY | ALERT | AUTHENTICATION POLICY | CORTEX SEARCH SERVICE | DATA METRIC FUNCTION | DATASET | DBT PROJECT | DYNAMIC TABLE | EVENT TABLE | EXPERIMENT | EXTERNAL TABLE | FILE FORMAT | FUNCTION | GATEWAY | GIT REPOSITORY | HYBRID TABLE | IMAGE REPOSITORY | ICEBERG TABLE | JOIN POLICY | MASKING POLICY | MATERIALIZED VIEW | MCP SERVER | MODEL | MODEL MONITOR | NETWORK RULE | NOTEBOOK | NOTEBOOK PROJECT | ONLINE FEATURE TABLE | PACKAGES POLICY | PASSWORD POLICY | PIPE | PRIVACY POLICY | PROCEDURE | PROJECTION POLICY | ROW ACCESS POLICY | SECRET | SEMANTIC VIEW | SERVICE | SESSION POLICY | SEQUENCE | SNAPSHOT | SNAPSHOT POLICY | SNAPSHOT SET | STAGE | STORAGE LIFECYCLE POLICY | STREAM | STREAMLIT | TABLE | TAG | TASK | VIEW | WORKSPACE

All GrantPrivilegesToAccountRoleOnSchemaObjectAll: Configures the privilege to be granted on all objects in either a database or schema.
Future GrantPrivilegesToAccountRoleOnSchemaObjectFuture: Configures the privilege to be granted on future objects in either a database or schema.
ObjectName string: The fully qualified name of the object on which privileges will be granted.
ObjectType string: The object type of the schema object on which privileges will be granted. Valid values are: AGENT | AGGREGATION POLICY | ALERT | AUTHENTICATION POLICY | CORTEX SEARCH SERVICE | DATA METRIC FUNCTION | DATASET | DBT PROJECT | DYNAMIC TABLE | EVENT TABLE | EXPERIMENT | EXTERNAL TABLE | FILE FORMAT | FUNCTION | GATEWAY | GIT REPOSITORY | HYBRID TABLE | IMAGE REPOSITORY | ICEBERG TABLE | JOIN POLICY | MASKING POLICY | MATERIALIZED VIEW | MCP SERVER | MODEL | MODEL MONITOR | NETWORK RULE | NOTEBOOK | NOTEBOOK PROJECT | ONLINE FEATURE TABLE | PACKAGES POLICY | PASSWORD POLICY | PIPE | PRIVACY POLICY | PROCEDURE | PROJECTION POLICY | ROW ACCESS POLICY | SECRET | SEMANTIC VIEW | SERVICE | SESSION POLICY | SEQUENCE | SNAPSHOT | SNAPSHOT POLICY | SNAPSHOT SET | STAGE | STORAGE LIFECYCLE POLICY | STREAM | STREAMLIT | TABLE | TAG | TASK | VIEW | WORKSPACE

all GrantPrivilegesToAccountRoleOnSchemaObjectAll: Configures the privilege to be granted on all objects in either a database or schema.
future GrantPrivilegesToAccountRoleOnSchemaObjectFuture: Configures the privilege to be granted on future objects in either a database or schema.
objectName String: The fully qualified name of the object on which privileges will be granted.
objectType String: The object type of the schema object on which privileges will be granted. Valid values are: AGENT | AGGREGATION POLICY | ALERT | AUTHENTICATION POLICY | CORTEX SEARCH SERVICE | DATA METRIC FUNCTION | DATASET | DBT PROJECT | DYNAMIC TABLE | EVENT TABLE | EXPERIMENT | EXTERNAL TABLE | FILE FORMAT | FUNCTION | GATEWAY | GIT REPOSITORY | HYBRID TABLE | IMAGE REPOSITORY | ICEBERG TABLE | JOIN POLICY | MASKING POLICY | MATERIALIZED VIEW | MCP SERVER | MODEL | MODEL MONITOR | NETWORK RULE | NOTEBOOK | NOTEBOOK PROJECT | ONLINE FEATURE TABLE | PACKAGES POLICY | PASSWORD POLICY | PIPE | PRIVACY POLICY | PROCEDURE | PROJECTION POLICY | ROW ACCESS POLICY | SECRET | SEMANTIC VIEW | SERVICE | SESSION POLICY | SEQUENCE | SNAPSHOT | SNAPSHOT POLICY | SNAPSHOT SET | STAGE | STORAGE LIFECYCLE POLICY | STREAM | STREAMLIT | TABLE | TAG | TASK | VIEW | WORKSPACE

all GrantPrivilegesToAccountRoleOnSchemaObjectAll: Configures the privilege to be granted on all objects in either a database or schema.
future GrantPrivilegesToAccountRoleOnSchemaObjectFuture: Configures the privilege to be granted on future objects in either a database or schema.
objectName string: The fully qualified name of the object on which privileges will be granted.
objectType string: The object type of the schema object on which privileges will be granted. Valid values are: AGENT | AGGREGATION POLICY | ALERT | AUTHENTICATION POLICY | CORTEX SEARCH SERVICE | DATA METRIC FUNCTION | DATASET | DBT PROJECT | DYNAMIC TABLE | EVENT TABLE | EXPERIMENT | EXTERNAL TABLE | FILE FORMAT | FUNCTION | GATEWAY | GIT REPOSITORY | HYBRID TABLE | IMAGE REPOSITORY | ICEBERG TABLE | JOIN POLICY | MASKING POLICY | MATERIALIZED VIEW | MCP SERVER | MODEL | MODEL MONITOR | NETWORK RULE | NOTEBOOK | NOTEBOOK PROJECT | ONLINE FEATURE TABLE | PACKAGES POLICY | PASSWORD POLICY | PIPE | PRIVACY POLICY | PROCEDURE | PROJECTION POLICY | ROW ACCESS POLICY | SECRET | SEMANTIC VIEW | SERVICE | SESSION POLICY | SEQUENCE | SNAPSHOT | SNAPSHOT POLICY | SNAPSHOT SET | STAGE | STORAGE LIFECYCLE POLICY | STREAM | STREAMLIT | TABLE | TAG | TASK | VIEW | WORKSPACE

all GrantPrivilegesToAccountRoleOnSchemaObjectAll: Configures the privilege to be granted on all objects in either a database or schema.
future GrantPrivilegesToAccountRoleOnSchemaObjectFuture: Configures the privilege to be granted on future objects in either a database or schema.
object_name str: The fully qualified name of the object on which privileges will be granted.
object_type str: The object type of the schema object on which privileges will be granted. Valid values are: AGENT | AGGREGATION POLICY | ALERT | AUTHENTICATION POLICY | CORTEX SEARCH SERVICE | DATA METRIC FUNCTION | DATASET | DBT PROJECT | DYNAMIC TABLE | EVENT TABLE | EXPERIMENT | EXTERNAL TABLE | FILE FORMAT | FUNCTION | GATEWAY | GIT REPOSITORY | HYBRID TABLE | IMAGE REPOSITORY | ICEBERG TABLE | JOIN POLICY | MASKING POLICY | MATERIALIZED VIEW | MCP SERVER | MODEL | MODEL MONITOR | NETWORK RULE | NOTEBOOK | NOTEBOOK PROJECT | ONLINE FEATURE TABLE | PACKAGES POLICY | PASSWORD POLICY | PIPE | PRIVACY POLICY | PROCEDURE | PROJECTION POLICY | ROW ACCESS POLICY | SECRET | SEMANTIC VIEW | SERVICE | SESSION POLICY | SEQUENCE | SNAPSHOT | SNAPSHOT POLICY | SNAPSHOT SET | STAGE | STORAGE LIFECYCLE POLICY | STREAM | STREAMLIT | TABLE | TAG | TASK | VIEW | WORKSPACE

all Property Map: Configures the privilege to be granted on all objects in either a database or schema.
future Property Map: Configures the privilege to be granted on future objects in either a database or schema.
objectName String: The fully qualified name of the object on which privileges will be granted.
objectType String: The object type of the schema object on which privileges will be granted. Valid values are: AGENT | AGGREGATION POLICY | ALERT | AUTHENTICATION POLICY | CORTEX SEARCH SERVICE | DATA METRIC FUNCTION | DATASET | DBT PROJECT | DYNAMIC TABLE | EVENT TABLE | EXPERIMENT | EXTERNAL TABLE | FILE FORMAT | FUNCTION | GATEWAY | GIT REPOSITORY | HYBRID TABLE | IMAGE REPOSITORY | ICEBERG TABLE | JOIN POLICY | MASKING POLICY | MATERIALIZED VIEW | MCP SERVER | MODEL | MODEL MONITOR | NETWORK RULE | NOTEBOOK | NOTEBOOK PROJECT | ONLINE FEATURE TABLE | PACKAGES POLICY | PASSWORD POLICY | PIPE | PRIVACY POLICY | PROCEDURE | PROJECTION POLICY | ROW ACCESS POLICY | SECRET | SEMANTIC VIEW | SERVICE | SESSION POLICY | SEQUENCE | SNAPSHOT | SNAPSHOT POLICY | SNAPSHOT SET | STAGE | STORAGE LIFECYCLE POLICY | STREAM | STREAMLIT | TABLE | TAG | TASK | VIEW | WORKSPACE

GrantPrivilegesToAccountRoleOnSchemaObjectAll, GrantPrivilegesToAccountRoleOnSchemaObjectAllArgs

ObjectTypePlural string: The plural object type of the schema object on which privileges will be granted. Valid values are: AGENTS | AGGREGATION POLICIES | ALERTS | AUTHENTICATION POLICIES | CORTEX SEARCH SERVICES | DATA METRIC FUNCTIONS | DATASETS | DBT PROJECTS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | IMAGE REPOSITORIES | ICEBERG TABLES | MASKING POLICIES | MATERIALIZED VIEWS | MCP SERVERS | MODELS | MODEL MONITORS | NETWORK RULES | NOTEBOOKS | ONLINE FEATURE TABLES | PACKAGES POLICIES | PASSWORD POLICIES | PIPES | PRIVACY POLICIES | PROCEDURES | PROJECTION POLICIES | ROW ACCESS POLICIES | SECRETS | SEMANTIC VIEWS | SERVICES | SESSION POLICIES | SEQUENCES | SNAPSHOTS | SNAPSHOT POLICIES | SNAPSHOT SETS | STAGES | STREAMS | STREAMLITS | TABLES | TAGS | TASKS | VIEWS.
InDatabase string
InSchema string

ObjectTypePlural string: The plural object type of the schema object on which privileges will be granted. Valid values are: AGENTS | AGGREGATION POLICIES | ALERTS | AUTHENTICATION POLICIES | CORTEX SEARCH SERVICES | DATA METRIC FUNCTIONS | DATASETS | DBT PROJECTS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | IMAGE REPOSITORIES | ICEBERG TABLES | MASKING POLICIES | MATERIALIZED VIEWS | MCP SERVERS | MODELS | MODEL MONITORS | NETWORK RULES | NOTEBOOKS | ONLINE FEATURE TABLES | PACKAGES POLICIES | PASSWORD POLICIES | PIPES | PRIVACY POLICIES | PROCEDURES | PROJECTION POLICIES | ROW ACCESS POLICIES | SECRETS | SEMANTIC VIEWS | SERVICES | SESSION POLICIES | SEQUENCES | SNAPSHOTS | SNAPSHOT POLICIES | SNAPSHOT SETS | STAGES | STREAMS | STREAMLITS | TABLES | TAGS | TASKS | VIEWS.
InDatabase string
InSchema string

objectTypePlural String: The plural object type of the schema object on which privileges will be granted. Valid values are: AGENTS | AGGREGATION POLICIES | ALERTS | AUTHENTICATION POLICIES | CORTEX SEARCH SERVICES | DATA METRIC FUNCTIONS | DATASETS | DBT PROJECTS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | IMAGE REPOSITORIES | ICEBERG TABLES | MASKING POLICIES | MATERIALIZED VIEWS | MCP SERVERS | MODELS | MODEL MONITORS | NETWORK RULES | NOTEBOOKS | ONLINE FEATURE TABLES | PACKAGES POLICIES | PASSWORD POLICIES | PIPES | PRIVACY POLICIES | PROCEDURES | PROJECTION POLICIES | ROW ACCESS POLICIES | SECRETS | SEMANTIC VIEWS | SERVICES | SESSION POLICIES | SEQUENCES | SNAPSHOTS | SNAPSHOT POLICIES | SNAPSHOT SETS | STAGES | STREAMS | STREAMLITS | TABLES | TAGS | TASKS | VIEWS.
inDatabase String
inSchema String

objectTypePlural string: The plural object type of the schema object on which privileges will be granted. Valid values are: AGENTS | AGGREGATION POLICIES | ALERTS | AUTHENTICATION POLICIES | CORTEX SEARCH SERVICES | DATA METRIC FUNCTIONS | DATASETS | DBT PROJECTS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | IMAGE REPOSITORIES | ICEBERG TABLES | MASKING POLICIES | MATERIALIZED VIEWS | MCP SERVERS | MODELS | MODEL MONITORS | NETWORK RULES | NOTEBOOKS | ONLINE FEATURE TABLES | PACKAGES POLICIES | PASSWORD POLICIES | PIPES | PRIVACY POLICIES | PROCEDURES | PROJECTION POLICIES | ROW ACCESS POLICIES | SECRETS | SEMANTIC VIEWS | SERVICES | SESSION POLICIES | SEQUENCES | SNAPSHOTS | SNAPSHOT POLICIES | SNAPSHOT SETS | STAGES | STREAMS | STREAMLITS | TABLES | TAGS | TASKS | VIEWS.
inDatabase string
inSchema string

object_type_plural str: The plural object type of the schema object on which privileges will be granted. Valid values are: AGENTS | AGGREGATION POLICIES | ALERTS | AUTHENTICATION POLICIES | CORTEX SEARCH SERVICES | DATA METRIC FUNCTIONS | DATASETS | DBT PROJECTS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | IMAGE REPOSITORIES | ICEBERG TABLES | MASKING POLICIES | MATERIALIZED VIEWS | MCP SERVERS | MODELS | MODEL MONITORS | NETWORK RULES | NOTEBOOKS | ONLINE FEATURE TABLES | PACKAGES POLICIES | PASSWORD POLICIES | PIPES | PRIVACY POLICIES | PROCEDURES | PROJECTION POLICIES | ROW ACCESS POLICIES | SECRETS | SEMANTIC VIEWS | SERVICES | SESSION POLICIES | SEQUENCES | SNAPSHOTS | SNAPSHOT POLICIES | SNAPSHOT SETS | STAGES | STREAMS | STREAMLITS | TABLES | TAGS | TASKS | VIEWS.
in_database str
in_schema str

objectTypePlural String: The plural object type of the schema object on which privileges will be granted. Valid values are: AGENTS | AGGREGATION POLICIES | ALERTS | AUTHENTICATION POLICIES | CORTEX SEARCH SERVICES | DATA METRIC FUNCTIONS | DATASETS | DBT PROJECTS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | IMAGE REPOSITORIES | ICEBERG TABLES | MASKING POLICIES | MATERIALIZED VIEWS | MCP SERVERS | MODELS | MODEL MONITORS | NETWORK RULES | NOTEBOOKS | ONLINE FEATURE TABLES | PACKAGES POLICIES | PASSWORD POLICIES | PIPES | PRIVACY POLICIES | PROCEDURES | PROJECTION POLICIES | ROW ACCESS POLICIES | SECRETS | SEMANTIC VIEWS | SERVICES | SESSION POLICIES | SEQUENCES | SNAPSHOTS | SNAPSHOT POLICIES | SNAPSHOT SETS | STAGES | STREAMS | STREAMLITS | TABLES | TAGS | TASKS | VIEWS.
inDatabase String
inSchema String

GrantPrivilegesToAccountRoleOnSchemaObjectFuture, GrantPrivilegesToAccountRoleOnSchemaObjectFutureArgs

ObjectTypePlural string: The plural object type of the schema object on which privileges will be granted. Valid values are: AGENTS | ALERTS | AUTHENTICATION POLICIES | CORTEX SEARCH SERVICES | DATA METRIC FUNCTIONS | DATASETS | DBT PROJECTS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | ICEBERG TABLES | MATERIALIZED VIEWS | MCP SERVERS | MODELS | MODEL MONITORS | NETWORK RULES | NOTEBOOKS | ONLINE FEATURE TABLES | PASSWORD POLICIES | PIPES | PRIVACY POLICIES | PROCEDURES | SECRETS | SEMANTIC VIEWS | SERVICES | SEQUENCES | SNAPSHOT POLICIES | SNAPSHOT SETS | STAGES | STREAMS | STREAMLITS | TABLES | TASKS | VIEWS.
InDatabase string
InSchema string

ObjectTypePlural string: The plural object type of the schema object on which privileges will be granted. Valid values are: AGENTS | ALERTS | AUTHENTICATION POLICIES | CORTEX SEARCH SERVICES | DATA METRIC FUNCTIONS | DATASETS | DBT PROJECTS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | ICEBERG TABLES | MATERIALIZED VIEWS | MCP SERVERS | MODELS | MODEL MONITORS | NETWORK RULES | NOTEBOOKS | ONLINE FEATURE TABLES | PASSWORD POLICIES | PIPES | PRIVACY POLICIES | PROCEDURES | SECRETS | SEMANTIC VIEWS | SERVICES | SEQUENCES | SNAPSHOT POLICIES | SNAPSHOT SETS | STAGES | STREAMS | STREAMLITS | TABLES | TASKS | VIEWS.
InDatabase string
InSchema string

objectTypePlural String: The plural object type of the schema object on which privileges will be granted. Valid values are: AGENTS | ALERTS | AUTHENTICATION POLICIES | CORTEX SEARCH SERVICES | DATA METRIC FUNCTIONS | DATASETS | DBT PROJECTS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | ICEBERG TABLES | MATERIALIZED VIEWS | MCP SERVERS | MODELS | MODEL MONITORS | NETWORK RULES | NOTEBOOKS | ONLINE FEATURE TABLES | PASSWORD POLICIES | PIPES | PRIVACY POLICIES | PROCEDURES | SECRETS | SEMANTIC VIEWS | SERVICES | SEQUENCES | SNAPSHOT POLICIES | SNAPSHOT SETS | STAGES | STREAMS | STREAMLITS | TABLES | TASKS | VIEWS.
inDatabase String
inSchema String

objectTypePlural string: The plural object type of the schema object on which privileges will be granted. Valid values are: AGENTS | ALERTS | AUTHENTICATION POLICIES | CORTEX SEARCH SERVICES | DATA METRIC FUNCTIONS | DATASETS | DBT PROJECTS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | ICEBERG TABLES | MATERIALIZED VIEWS | MCP SERVERS | MODELS | MODEL MONITORS | NETWORK RULES | NOTEBOOKS | ONLINE FEATURE TABLES | PASSWORD POLICIES | PIPES | PRIVACY POLICIES | PROCEDURES | SECRETS | SEMANTIC VIEWS | SERVICES | SEQUENCES | SNAPSHOT POLICIES | SNAPSHOT SETS | STAGES | STREAMS | STREAMLITS | TABLES | TASKS | VIEWS.
inDatabase string
inSchema string

object_type_plural str: The plural object type of the schema object on which privileges will be granted. Valid values are: AGENTS | ALERTS | AUTHENTICATION POLICIES | CORTEX SEARCH SERVICES | DATA METRIC FUNCTIONS | DATASETS | DBT PROJECTS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | ICEBERG TABLES | MATERIALIZED VIEWS | MCP SERVERS | MODELS | MODEL MONITORS | NETWORK RULES | NOTEBOOKS | ONLINE FEATURE TABLES | PASSWORD POLICIES | PIPES | PRIVACY POLICIES | PROCEDURES | SECRETS | SEMANTIC VIEWS | SERVICES | SEQUENCES | SNAPSHOT POLICIES | SNAPSHOT SETS | STAGES | STREAMS | STREAMLITS | TABLES | TASKS | VIEWS.
in_database str
in_schema str

objectTypePlural String: The plural object type of the schema object on which privileges will be granted. Valid values are: AGENTS | ALERTS | AUTHENTICATION POLICIES | CORTEX SEARCH SERVICES | DATA METRIC FUNCTIONS | DATASETS | DBT PROJECTS | DYNAMIC TABLES | EVENT TABLES | EXTERNAL TABLES | FILE FORMATS | FUNCTIONS | GIT REPOSITORIES | HYBRID TABLES | ICEBERG TABLES | MATERIALIZED VIEWS | MCP SERVERS | MODELS | MODEL MONITORS | NETWORK RULES | NOTEBOOKS | ONLINE FEATURE TABLES | PASSWORD POLICIES | PIPES | PRIVACY POLICIES | PROCEDURES | SECRETS | SEMANTIC VIEWS | SERVICES | SEQUENCES | SNAPSHOT POLICIES | SNAPSHOT SETS | STAGES | STREAMS | STREAMLITS | TABLES | TASKS | VIEWS.
inDatabase String
inSchema String

Package Details

Repository: Snowflake pulumi/pulumi-snowflake
License: Apache-2.0
Notes: This Pulumi package is based on the snowflake Terraform Provider.

Viewing docs for Snowflake v2.13.0
published on Thursday, Feb 26, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-snowflake

snowflake.GrantPrivilegesToAccountRole

On this page

On this page

Create GrantPrivilegesToAccountRole Resource

Constructor syntax

Parameters

Constructor example

GrantPrivilegesToAccountRole Resource Properties

Inputs

Outputs

Look up Existing GrantPrivilegesToAccountRole Resource

Supporting Types

GrantPrivilegesToAccountRoleOnAccountObject, GrantPrivilegesToAccountRoleOnAccountObjectArgs

GrantPrivilegesToAccountRoleOnSchema, GrantPrivilegesToAccountRoleOnSchemaArgs

GrantPrivilegesToAccountRoleOnSchemaObject, GrantPrivilegesToAccountRoleOnSchemaObjectArgs

GrantPrivilegesToAccountRoleOnSchemaObjectAll, GrantPrivilegesToAccountRoleOnSchemaObjectAllArgs

GrantPrivilegesToAccountRoleOnSchemaObjectFuture, GrantPrivilegesToAccountRoleOnSchemaObjectFutureArgs

Package Details

On this page

On this page