
Permissions

Permissions are used to manage role-based access and control privileges on entities in the target database. Available grantees (roles) and permissions are managed in CONFIG_ENTITY_PERMISSIONS.



Usage

Select a ROLE and one or several PERMISSIONS to grant to the role.

Set WITH GRANT OPTION: true if the grantee should be allowed to grant the given permission to others (default: false).


Notes

Check Export SQL/Entity SQL after defining permissions to see the generated DDL.

Google BigQuery pre-mapped permissions
For Google BigQuery, permissions are mapped to the predefined IAM roles listed in Google BigQuery predefined roles and permissions.

SELECT permission is mapped to roles/bigquery.dataViewer
INSERT permission is mapped to roles/bigquery.dataEditor
ALL permission is mapped to roles/bigquery.dataOwner


Examples

Precondition
Grantees and permissions have to be defined in CONFIG_ENTITY_PERMISSIONS before they can be used here.

Grant SELECT to READER role in Snowflake

Permission definition:

DEFINITION
GRANTEE NAME: READER
PERMISSION 1: SELECT
WITH GRANT OPTION: false

DDL generated by Agile Data Engine:

SQL
GRANT SELECT ON pub.F_TRIP TO ROLE READER;

Grant SELECT to READER group in Amazon Redshift

Permission definition:

DEFINITION
GRANTEE NAME: READER
PERMISSION 1: SELECT
WITH GRANT OPTION: false

DDL generated by Agile Data Engine:

SQL
GRANT SELECT ON pub.F_TRIP TO GROUP READER;

Grant SELECT to READER role in Azure SQL Database and Azure Synapse SQL

Permission definition:

DEFINITION
GRANTEE NAME: READER
PERMISSION 1: SELECT
WITH GRANT OPTION: false

DDL generated by Agile Data Engine:

SQL
GRANT SELECT ON [pub].[F_TRIP] TO [READER];

Grant SELECT to reader@my_organization.com group in Google BigQuery

Permission definition:

DEFINITION
GRANTEE NAME: READER
PERMISSION 1: SELECT
WITH GRANT OPTION: false (this option is not supported in Google BigQuery)

DDL generated by Agile Data Engine:

SQL
GRANT `roles/bigquery.dataViewer` ON pub.F_TRIP TO "group:reader@my_organization.com";
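
Reviewing exported DDL for broad grants

The following is an added example, not part of the original page and not Agile Data Engine code: a small Python check that reads the GRANT forms shown in the examples above out of exported DDL and flags statements that carry WITH GRANT OPTION or the ALL permission. The function name review_grants, the role ANALYST and the last two sample statements are assumptions made for illustration; the WITH GRANT OPTION suffix is the standard SQL form and is not taken from Agile Data Engine output.

```python
import re

# Matches the GRANT forms shown in the examples above (Snowflake, Redshift,
# Azure SQL / Synapse, BigQuery). Statements in any other form are skipped.
GRANT_RE = re.compile(r'''
    GRANT\s+(?P<perm>`[^`]+`|[A-Za-z ,]+?)\s+ON\s+(?P<entity>\S+)\s+TO\s+
    (?:(?:ROLE|GROUP)\s+)?(?P<grantee>"[^"]+"|\[[^\]]+\]|[^\s;]+)
    (?P<wgo>\s+WITH\s+GRANT\s+OPTION)?\s*;''', re.IGNORECASE | re.VERBOSE)

# Mapping stated on this page: BigQuery predefined IAM role -> permission.
BIGQUERY_ROLES = {
    "roles/bigquery.dataViewer": "SELECT",
    "roles/bigquery.dataEditor": "INSERT",
    "roles/bigquery.dataOwner": "ALL",
}

def review_grants(ddl):
    """Return (entity, grantee, permissions, findings) for each GRANT in ddl."""
    results = []
    for m in GRANT_RE.finditer(ddl):
        raw = m.group("perm").strip("`")
        # Normalise a BigQuery role back to the permission it was mapped from.
        if raw in BIGQUERY_ROLES:
            perms = [BIGQUERY_ROLES[raw]]
        else:
            perms = [p.strip().upper() for p in raw.split(",")]
        findings = []
        if m.group("wgo"):
            findings.append("grantee can re-grant this permission")
        if any(p.startswith("ALL") for p in perms):
            findings.append("ALL permission granted")
        grantee = m.group("grantee").strip('"[]')
        entity = m.group("entity").replace("[", "").replace("]", "")
        results.append((entity, grantee, perms, findings))
    return results

# Constructed sample: the four statements from the examples above, plus two
# constructed statements (not Agile Data Engine output) that trigger findings.
SAMPLE_DDL = """
GRANT SELECT ON pub.F_TRIP TO ROLE READER;
GRANT SELECT ON pub.F_TRIP TO GROUP READER;
GRANT SELECT ON [pub].[F_TRIP] TO [READER];
GRANT `roles/bigquery.dataViewer` ON pub.F_TRIP TO "group:reader@my_organization.com";
GRANT SELECT ON pub.F_TRIP TO ROLE ANALYST WITH GRANT OPTION;
GRANT `roles/bigquery.dataOwner` ON pub.F_TRIP TO "group:reader@my_organization.com";
"""

if __name__ == "__main__":
    for entity, grantee, perms, findings in review_grants(SAMPLE_DDL):
        print(entity, grantee, ",".join(perms), "; ".join(findings) or "ok")
```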