Created
August 12, 2020 16:08
-
-
Save PedroMartinSteenstrup/2392f022e3dad3dd0e8ca0d31355b513 to your computer and use it in GitHub Desktop.
Get users and their role in snowflake
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CREATE OR REPLACE TABLE DBUSERS ( | |
NAME VARCHAR, | |
CREATED_ON TIMESTAMP_LTZ, | |
LOGIN_NAME VARCHAR, | |
DISPLAY_NAME VARCHAR, | |
FIRST_NAME VARCHAR, | |
LAST_NAME VARCHAR, | |
EMAIL VARCHAR, | |
MINS_TO_UNLOCK VARCHAR, | |
DAYS_TO_EXPIRY VARCHAR, | |
TCOMMENT VARCHAR, | |
DISABLED VARCHAR, | |
MUST_CHANGE_PASSWORD VARCHAR, | |
SNOWFLAKE_LOCK VARCHAR, | |
DEFAULT_WAREHOUSE VARCHAR, | |
DEFAULT_NAMESPACE VARCHAR, | |
DEFAULT_ROLE VARCHAR, | |
EXT_AUTHN_DUO VARCHAR, | |
EXT_AUTHN_UID VARCHAR, | |
MINS_TO_BYPASS_MFA VARCHAR, | |
OWNER VARCHAR, | |
LAST_SUCCESS_LOGIN TIMESTAMP_LTZ, | |
EXPIRES_AT_TIME TIMESTAMP_LTZ, | |
LOCKED_UNTIL_TIME TIMESTAMP_LTZ, | |
HAS_PASSWORD VARCHAR, | |
HAS_RSA_PUBLIC_KEY VARCHAR, | |
REFRESH_DATE TIMESTAMP_LTZ DEFAULT CURRENT_TIMESTAMP() | |
) | |
COMMENT = "stores snapshot of current snowflake users"; | |
CREATE OR REPLACE TABLE DBROLES ( | |
CREATED_ON TIMESTAMP_LTZ, | |
NAME VARCHAR, | |
IS_DEFAULT VARCHAR, | |
IS_CURRENT VARCHAR, | |
IS_INHERITED VARCHAR, | |
ASSIGNED_TO_USERS NUMBER, | |
GRANTED_TO_ROLES NUMBER, | |
GRANTED_ROLES NUMBER, | |
OWNER VARCHAR, | |
RCOMMENT VARCHAR, | |
REFRESH_DATE TIMESTAMP_LTZ DEFAULT CURRENT_TIMESTAMP() | |
) | |
COMMENT = "stores snapshot of current snowflake roles" ; | |
CREATE OR REPLACE TABLE DBGRANTS ( | |
CREATED_ON TIMESTAMP_LTZ, | |
PRIVILEGE VARCHAR, | |
GRANTED_ON VARCHAR, | |
NAME VARCHAR, | |
GRANTED_TO VARCHAR, | |
GRANTEE_NAME VARCHAR, | |
GRANT_OPTION VARCHAR, | |
GRANTED_BY VARCHAR, | |
REFRESH_DATE TIMESTAMP_LTZ DEFAULT CURRENT_TIMESTAMP() | |
) | |
COMMENT = "‘stores snapshot of current grants’" ; | |
--- | |
CREATE OR REPLACE PROCEDURE SNAPSHOT_USERS() | |
RETURNS VARCHAR | |
LANGUAGE JAVASCRIPT | |
COMMENT = "Captures the snapshot of users and inserts the records into dbusers" | |
EXECUTE AS CALLER | |
AS | |
$$ | |
var result = "SUCCESS"; | |
try {snowflake.execute( {sqlText: "TRUNCATE TABLE DBUSERS;"} ); | |
snowflake.execute( {sqlText: "show users;"} ); | |
var dbusers_tbl_sql = `insert into dbusers select * ,CURRENT_TIMESTAMP() from table(result_scan(last_query_id()));`; | |
snowflake.execute( {sqlText: dbusers_tbl_sql} ); | |
} catch (err) | |
{result = "FAILED: Code: " + err.code + "\n State: " + err.state;result += "\n Message: " + err.message;result += "\nStack Trace:\n" + err.stackTraceTxt;} | |
return result; | |
$$ | |
; | |
CREATE OR REPLACE PROCEDURE SNAPSHOT_ROLES() | |
RETURNS VARCHAR | |
LANGUAGE JAVASCRIPT | |
COMMENT = "Captures the snapshot of roles and inserts the records into ANALYST_SANDBOX.dbroles" | |
EXECUTE AS CALLER | |
AS | |
$$ | |
var result = "SUCCESS"; | |
try { | |
snowflake.execute( {sqlText: "truncate table DBROLES;"} ); | |
snowflake.execute( {sqlText: "show roles;"} ); | |
var dbroles_tbl_sql = ` | |
insert into dbroles select *,CURRENT_TIMESTAMP() from table(result_scan(last_query_id())); | |
`; | |
snowflake.execute( {sqlText: dbroles_tbl_sql} ); | |
} catch (err) { | |
result = "FAILED: Code: " + err.code + "\n State: " + err.state; | |
result += "\n Message: " + err.message; | |
result += "\nStack Trace:\n" + err.stackTraceTxt; | |
} | |
return result; | |
$$ | |
; | |
CREATE OR REPLACE PROCEDURE SNAPSHOT_GRANTS() | |
RETURNS VARCHAR | |
LANGUAGE JAVASCRIPT | |
COMMENT = "Captures the snapshot of grants and inserts the records into dbgrants" | |
EXECUTE AS CALLER | |
AS | |
$$ | |
function role_grants() { | |
var obj_rs = snowflake.execute({sqlText: `SELECT NAME FROM DBROLES;`}); | |
while(obj_rs.next()) { | |
snowflake.execute({sqlText: `show grants to role "` + obj_rs.getColumnValue(1) + `" ;` }); | |
snowflake.execute( {sqlText: `insert into DBGRANTS select *, CURRENT_TIMESTAMP() from table(result_scan(last_query_id()));` | |
}); | |
snowflake.execute({sqlText: `show grants on role "` + obj_rs.getColumnValue(1) + `" ;` }); | |
snowflake.execute( {sqlText: `insert into DBGRANTS select *,CURRENT_TIMESTAMP() from table(result_scan(last_query_id()));` | |
}); | |
} | |
} | |
// — — — — — — — — — — — — — — — — — — — — — — — — | |
function user_grants(){ | |
var obj_rs = snowflake.execute({sqlText: `SELECT NAME FROM DBUSERS;`}); | |
while(obj_rs.next()) { | |
snowflake.execute({sqlText: `show grants to user "` + obj_rs.getColumnValue(1) + `" ;` }); | |
snowflake.execute( {sqlText: `insert into DBGRANTS select *,null,null,null,CURRENT_TIMESTAMP() from table(result_scan(last_query_id()));` | |
}); | |
snowflake.execute({sqlText: `show grants on user "` + obj_rs.getColumnValue(1) + `" ;` }); | |
snowflake.execute( {sqlText: `insert into DBGRANTS select *, CURRENT_TIMESTAMP() from table(result_scan(last_query_id()));` | |
}); | |
} | |
} | |
// — — — — — — — — — — — — — — — — — — — — — — — — | |
var result = "SUCCESS"; | |
try { | |
snowflake.execute( {sqlText: "truncate table DBGRANTS;"} ); | |
role_grants(); | |
user_grants(); | |
} catch (err) { | |
result = "FAILED: Code: " + err.code + "\n State: " + err.state; | |
result += "\n Message: " + err.message; | |
result += "\nStack Trace:\n" + err.stackTraceTxt; | |
} | |
return result; | |
$$ | |
; | |
SELECT * FROM DBROLES; | |
select * from DBusers; | |
select * from DBGRANTS; | |
call SNAPSHOT_USERS(); | |
call SNAPSHOT_ROLES(); | |
call SNAPSHOT_GRANTS(); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment