Is there any means of querying Snowflake for all the roles (and/or users) where a specific privilege has been granted? I know how to show grants to <role> but I’m not so sure of how to find the roles that have a grant.
This is not something that needs to happen regularly–i’m just looking for ways to better understand this instance and its usage.
Advertisement
Answer
Thanks to Himanshu, I was able to work out a query that answers my question exactly:
select distinct(grantee_name) from snowflake.account_usage.grants_to_roles -- this system view is updated every ~120 minutes where privilege = 'USAGE' -- name of the privilege and granted_on = 'WAREHOUSE' -- not strictly necessary, but name of the type of object and name = 'MY_SPECIFIC_WAREHOUSE'; -- the important constraint for my case