Which Snowflake role can manage any object grant globally, including modifying and revoking grants?
Which Snowflake role can manage any object grant globally, including modifying and revoking grants?
The SECURITYADMIN role can manage any object grant globally, including modifying and revoking grants. This role has the MANAGE GRANTS security privilege, which allows it to manage privileges at a global level. It also has the capabilities to create, monitor, and manage users and roles, making it suitable for controlling access permissions within Snowflake.
SECURITYADMIN (Security Administrator): -This role can manage any object grant globally. -It has the ability to create, monitor, and manage users and roles. -It is granted the MANAGE GRANTS security privilege to be able to modify any grant, including revoking it. -It inherits the privileges of the USERADMIN role via the system role hierarchy.
https://docs.snowflake.com/en/user-guide/security-access-control-considerations