Application roles in the Snowflake Connector for MySQL
Note
The Snowflake Connector for MySQL is subject to the Connector Terms.
The following sections describe application roles available in the connector application:
ADMIN
AGENT
VIEWER
DATA_READER
All application roles are automatically assigned to the account-level role that installs the application on the account. They can then be reassigned for easier control over access to the connector application. For details, see GRANT APPLICATION ROLE.
ADMIN application role
The ADMIN application role can be used to view connector configuration and state.
It also allows executing the procedures contained in the application.
AGENT application role
The AGENT application role is used by the agent to perform the replication process. It should not be used manually.
VIEWER application role
The VIEWER application role provides access to view the basic configuration of the connector.
DATA_READER application role
The DATA_READER application role can be used to give read privileges on replicated data without access to the connector application itself.
To view replicated data, a user needs the following privileges:
USAGE grant on the destination database
USAGE grant on the destination schema
SELECT grant on the destination table
The connector grants USAGE / SELECT privileges to this role on all destination databases, schemas and tables created by the application.
Attention
Be aware that the DATA_READER application role is provided with privileges only on objects created by the application.
If the destination database or destination schema already exists and is not owned by the connector application, the connector won't be able to grant proper privileges to the DATA_READER role on these objects.
In such a case, account-level roles with the DATA_READER application role need to be manually supplemented with the USAGE grant on these objects.
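The following SQL is an added example, not part of the original documentation. It shows one way to separate read-only data consumers from connector operators and to supplement the missing USAGE grants described above. The names MYSQL_CONNECTOR_APP, REPORTING_RO, CONNECTOR_OPS, EXISTING_DB and EXISTING_SCHEMA are hypothetical placeholders, and the statements assume they are run by a role that holds the application roles and is allowed to grant USAGE on the pre-existing objects.

```sql
-- Added example; every object name below is a hypothetical placeholder.
--   MYSQL_CONNECTOR_APP           name the connector application was installed under
--   REPORTING_RO                  account-level role for users who only read replicated data
--   CONNECTOR_OPS                 account-level role for people who operate the connector
--   EXISTING_DB / EXISTING_SCHEMA destination objects that existed before the
--                                 connector and are not owned by it

-- Data consumers: DATA_READER only. This gives read privileges on replicated
-- data without access to the connector application itself.
CREATE ROLE IF NOT EXISTS REPORTING_RO;
GRANT APPLICATION ROLE MYSQL_CONNECTOR_APP.DATA_READER TO ROLE REPORTING_RO;

-- Operators: ADMIN, which can view configuration and state and execute the
-- application's procedures. Kept on a separate role from the readers.
CREATE ROLE IF NOT EXISTS CONNECTOR_OPS;
GRANT APPLICATION ROLE MYSQL_CONNECTOR_APP.ADMIN TO ROLE CONNECTOR_OPS;

-- AGENT is intentionally not granted here: it is used by the agent for
-- replication and should not be used manually.

-- Pre-existing destination database and schema: the connector cannot grant
-- privileges on objects it does not own, so DATA_READER carries no USAGE on
-- them. Supplement the account-level role directly.
GRANT USAGE ON DATABASE EXISTING_DB TO ROLE REPORTING_RO;
GRANT USAGE ON SCHEMA EXISTING_DB.EXISTING_SCHEMA TO ROLE REPORTING_RO;

-- Review what the reader role now holds before handing it to users.
SHOW GRANTS TO ROLE REPORTING_RO;
```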