
Terraform modules snowflake-XXX-grant-all should not have OWNERSHIP privileges

Open • wconti1017 opened this issue 3 years ago • 1 comment

All the Terraform modules have the OWNERSHIP role in their privileges list, for example in the snowflake-warehouse-grant-all module:

    "privileges": [
      "MODIFY",
      "MONITOR",
      "OPERATE",
      "OWNERSHIP",
      "USAGE"
    ]

This is incorrect, because the actual result of the Snowflake command GRANT ALL ON WAREHOUSE TO ROLE will give the following privileges: MODIFY, MONITOR, OPERATE and USAGE.

wconti1017 • Jun 25 '21 09:06

I have this issue too. Please remove OWNERSHIP privileges from all "all" grants.

TonyGaul • Jul 16 '21 11:07