haystack-core-integrations icon indicating copy to clipboard operation
haystack-core-integrations copied to clipboard
verified publisher icon deepset-ai

Snowflake permissions check too restrictive

Open iireland-ii opened this issue 1 year ago • 0 comments

The Snowflake integration checks if a user has 'select only' access from the latest role assigned to the user. This check is too restrictive, if the user has additional permission outside of select only then the pipeline will fail (pattern="truncate|update|insert|delete|operate|references")

Additionally due to limitations with the connection param integration you cannot pass a snowflake 'role' to the connection params (this issue is related to 1179) if you wanted to specify a role for the connection.

Solution

  • Add additional connection parameters to allow for a specific role
  • Amend the permissions checker to only check for select access.

iireland-ii avatar Nov 12 '24 16:11 iireland-ii