创建了一个名为DEV_USER的用户,该用户属于DEV_ROLE角色。
GRANT USAGE ON WAREHOUSE MYWH TO ROLE DEV_ROLE;
CREATE USER DEV_USER PASSWORD = 'secrets' COMMENT = 'Dev User' LOGIN_NAME = 'DEV_USER' DISPLAY_NAME = 'Development Only User' DEFAULT_ROLE = 'DEV_ROLE' DEFAULT_WAREHOUSE = 'MYWH' MUST_CHANGE_PASSWORD = FALSE;
ALTER USER DEV_USER SET DEFAULT_NAMESPACE = 'PUBLIC';
GRANT ROLE DEV_ROLE TO USER DEV_USER;
GRANT ROLE DEV_ROLE TO USER MYUSERACCT;
GRANT ALL ON DATABASE DEV_DB TO ROLE DEV_ROLE WITH GRANT OPTION;
GRANT ALL ON DATABASE "DEV_DB" TO ROLE "DEV_ROLE" WITH GRANT OPTION;
GRANT ALL ON SCHEMA "DEV_DB"."PUBLIC" TO ROLE "DEV_ROLE" WITH GRANT OPTION;
我使用MYUSERACCT登录。我默认使用DEV_ROLE。我转到数据库,尝试将DEV_DB克隆到DEV_DB_CLONE,但出现以下错误:
无法创建数据库DEV_DB_CLONE。 SQL访问控制错误:权限不足,无法对帐户“ XX12345”进行操作
很明显,如果我将用户设置为SYSADMIN或ACCOUNTADMIN,它将可以正常工作。但是当我设置为DEV_ROLE时,我需要将它设为CLONE。
我想念什么?
答案 0 :(得分:2)
security access control privileges说,要进行克隆,您需要通过角色获得CREATE DATABASE的全局特权
CREATE USER DEV_USER1 PASSWORD = 'secrets' COMMENT = 'Dev User' LOGIN_NAME = 'DEV_USER' DISPLAY_NAME = 'Development Only User';
CREATE ROLE CLONE_ROLE;
GRANT CREATE DATABASE ON ACCOUNT TO ROLE CLONE_ROLE;
GRANT ROLE CLONE_ROLE TO USER DEV_USER1;
DROP USER DEV_USER1;
DROP ROLE CLONE_ROLE;