-
Notifications
You must be signed in to change notification settings - Fork 17
Table Reports
This sheet provides quick access to the contents of this report and provides at-a-glance number of rows in each of the sheet's tables.
Column | Data Type | Purpose |
---|---|---|
Sheet Name | String | Name of the sheet in the report |
Num Entities | Integer | Number of Entities in that sheet |
Link | Hyperlink | Link to the sheet in the report |
List of Users and their properties.
Produced by running SHOW USERS (https://docs.snowflake.com/en/sql-reference/sql/show-users.html) and DESCRIBE USER (https://docs.snowflake.com/en/sql-reference/sql/desc-user.html) commands.
Properties in UPPERCASE are documented in ALTER USER (https://docs.snowflake.com/en/sql-reference/sql/alter-user.html) command.
Column | Data Type | Purpose |
---|---|---|
NAME | String | Name of the User object |
LOGIN_NAME | String | Login name of the User |
Owner | String | Role that owns this User object |
IsSSOEnabled | Boolean | Is User SSO enabled (no password) |
IsObjectIdentifierSpecialCharacters | Boolean | Does User name include special characters that would cause it to need to be quoted |
CreatedOn | Datetime | When User was created on, local time |
CreatedOnUTC | Datetime | When User was created on, UTC time |
FIRST_NAME | String | |
LAST_NAME | String | |
MIDDLE_NAME | String | |
DISPLAY_NAME | String | |
String | ||
COMMENT | String | |
DEFAULT_ROLE | String | |
DEFAULT_NAMESPACE | String | |
DEFAULT_WAREHOUSE | String | |
DISABLED | Boolean | |
MUST_CHANGE_PASSWORD | Boolean | |
DAYS_TO_EXPIRY | Integer | |
MINS_TO_BYPASS_MFA | Integer | |
MINS_TO_BYPASS_NETWORK_POLICY | Integer | |
MINS_TO_UNLOCK | Integer | |
SNOWFLAKE_LOCK | String | |
SNOWFLAKE_SUPPORT | String | |
EXT_AUTHN_DUO | Boolean | |
EXT_AUTHN_UID | String | |
RSA_PUBLIC_KEY_FP | String | |
RSA_PUBLIC_KEY_2_FP | String | |
PASSWORD_LAST_SET_TIME | Datetime | |
PASSWORD_LAST_SET_TIMEUTC | Datetime |
Timeline of User creation.
This sheet uses data in Users sheet as source for pivot table, showing Counts of Users created by Owners over time.
Columns | Rows | Values | Filters |
---|---|---|---|
Owner | |||
Years | |||
Months | |||
Days | |||
Hours | |||
CreatedOn | |||
NumUsers (Count) | |||
DEFAULT_ROLE | |||
IsSSOEnabled |
In this example, we are showing all Users created over years by different Owner Roles:
List of Users that is a direct result of SHOW USERS command.
List of Roles and their properties.
Produced by running SHOW ROLES (https://docs.snowflake.com/en/sql-reference/sql/show-roles.html) and combining it with results of SHOW GRANTS TO and SHOW GRANTS ON commands.
Column | Data Type | Purpose |
---|---|---|
Name | String | Name of the Role object |
Owner | String | Role that owns this Role object |
Type | String | Type of this role (see Role Type section below) |
IsInherited | Boolean | Is this role inherited |
NumAssignedUsers | Integer | Number of Users assigned to this Role |
NumChildRoles | Integer | Number of Roles that this Role contains |
NumParentRoles | Integer | Number of Roles that contain this Role |
AssignedUsers | String | List of Users assigned to this Role |
ChildRoles | String | List of Roles that this Role contains |
ParentRoles | String | List of Roles that contain this Role |
AncestryPaths | String | List of all the unique paths to the parent role |
NumAncestryPaths | Integer | Number of all the unique paths to the parent role |
Comment | String | |
IsObjectIdentifierSpecialCharacters | String | Does Role name include special characters that would cause it to need to be quoted |
CreatedOn | Datetime | When Role was created on, local time |
CreatedOnUTC | Datetime | When Role was created on, UTC time |
Role type is determined by examining Role Names, hierarchy and grants.
Set for ACCOUNTADMIN, SECURITYADMIN, USERADMIN, SYSADMIN roles.
Set for children of USERADMIN roles that are named OKTA_PROVISIONER, AAD_PROVISIONER and GENERIC_SCIM_PROVISIONER.
Set for children of SECURITYADMIN or USERADMIN roles that are not already classified as SCIM.
Set to Access if the role Grants include at least one of each:
- SCHEMA permissions other than USAGE, OWNERSHIP and MONITOR
- TABLE permisions other than USAGE, OWNERSHIP, REFERENCES or REBUILD
- VIEW permisions other than USAGE, OWNERSHIP, REFERENCES or REBUILD
If the role is Access but does not roll up to SYSADMIN, set to AccessNotUnderSysadmin.
Set to Functional is role is not Access and includes at least one USAGE grant on another Role.
If the role is Functional but does not roll up to SYSADMIN, set to FunctionalNotUnderSysadmin.
When none of the above checks succeed and role does not rolls up to ACCOUNTADMIN.
When none of the above checks succeed and role rolls up to ACCOUNTADMIN.
Timeline of Role creation.
This sheet uses data in Roles sheet as source for pivot table, showing Counts of Roles created by Owners over time.
Columns | Rows | Values | Filters |
---|---|---|---|
Owner | |||
Years | |||
Months | |||
Days | |||
Hours | |||
CreatedOn | |||
NumRoles (Count) | |||
DEFAULT_ROLE | |||
IsSSOEnabled |
In this example, we are showing all Roles created over years and months by different Owner Roles:
Hierarchy of Roles in tabular form.
List of Roles that is a direct result of SHOW ROLES command.
Members of Roles (other Roles and Users).
Timeline of Role Member assignment/creation.
List of Role Members that is a direct result of SHOW GRANTS OF command.
List of Grants from SHOW GRANTS TO and SHOW GRANTS ON commands.
Pivot table of Grants showing Counts by Object Type/Object Name/Privilege/Granted To.
Pivot of Grants showing Counts of Privileges by Object Name/Granted To.
Pivot of Grants showing Counts of Privileges by Granted To/Object Type/Object Name.
List of Grants for this specific Object Type. Identical to contents of Grants.
Table of Grants for this specific Object Type, with Roles in the rows and Privileges in columns.
Single screen view of all permissions in Database, including collapsable groups under each Schema, color-coding of permissions, and popups for long lists of permissions