Knowing Snowflake Roles and How Their Management

Snowflake, which serves as a cloud base for storing data, allows users to be corporate or individuals to analyse their data using specialised software. In the process of having the control to access objects, Snowflake uses role for it. Roles are generally given access privileges for objects in the system such as the databases, tables, etc. They allow users the right to create, change, and allow to use the objects based on the privileges assigned to the roles. Roles control virtual warehouses, tables, and databases found in Snowflake, and it also grants access to the users. Snowflake role management provides already set roles, alongside the basis for explaining the hierarchy of customs roles. The roles assigned to each user automatically are called Public Role, enabling access to the primary object and log in. Aside from being given a PUBLIC role, users can be given more roles, having roles assigned as a default role. The user default role ascertains which role will be used in the user’s Snowflake sessions. Not to worry, as users can modify roles per session at any given time as it is only a default. In a nutshell, roles can be given at a user creation phase or better still afterwards.

Few Points About Snowflake Role

Generally speaking, Snowflake uses role-based access control, which means that no matter who the user is, what is essential is the role they have activated when performing a task. For example, take an object like a table when designed, automatically the object’s owner. It is important to note that an object can be dropped when the leading role becomes the object’s owner.

Role Management Using Snowflake

Snowflake adopts the snowflakes role system to gain access in the system. Objects are used to represent each user when granted access to the Snowflake. This object helps to save details concerning the user, their login information, including name and passwords. The following commands are used to manage users in the system; Create User option, Alter User option, Drop User option and the Describe User option. Each is allowing users to perform a specific task. Like the Describe User helps users view information while changing default roles or parameters is done using the Alter User option.

Managing the Other Roles

Aside from the traditional role that is assigned, there is the SysAdmin Role and the Account Admin Role. We already know that the initial role had ownership right of the database. Since there is already an owner, SysAdmin, therefore, does not own the database. This tends to be a problem since SysAdmin is the sole administrator for objects that are of a non-security nature in the account. Role inheritance seems to be the only way to solve this, as it gives ownership to each owner role but grants the custom role to SysAdmin. In the same vein, SysAdmin does not have direct ownership of the database but is granted ownership. The Account Admin helps the database while giving ownership of the database to the owner role, making SysAdmin not have access to it, and AccountAdmin ends up not being the owner. Account Admin uses the grant privileges to give ownership to the role of SysAdmin, which acts as the owner for a short period. SysAdmin needs to be granted the right to own roles as they are created or else it won’t manage them.


As we have been made to understand, Snowflake provides commands for users to manage their account effectively. These commands are only carried out by users who are given roles, and they have ownership rights on the object, which is restricted to the AccountAdmin and security admin roles.

Leave a Reply

Your email address will not be published. Required fields are marked *