我们希望确保共享的任何/所有表也分配有行访问策略。有没有办法列出哪些表正在共享?
(来自https://www.reddit.com/r/snowflake/comments/1bz939f/list_the_tables_in_a_database_that_are_being/)
基础知识:
show shares
,您可以找到帐户上所有创建的共享(具有角色 accountadmin
或具有足够权限的角色)snowflake.account_usage.policy_references
上列出。这里的挑战是,如果不进行一点数据操作,您无法在后续查询中直接使用
show
的结果。
为了方便起见,我创建了一个 Snowflake Python 存储过程来完成所有步骤:
use role accountadmin;
-- anonymous procedure, will call() at the end
with x as procedure()
returns table()
language python
runtime_version='3.11'
packages = ('snowflake-snowpark-python')
handler='run'
as $$
from snowflake.snowpark.functions import col
def run(session):
# list all the shares
shares = session.sql('show shares').filter(col('"kind"')=='OUTBOUND')
table_names = set()
# for each share, find the table names
for share in shares.to_local_iterator():
shared_objects = session.sql('desc share identifier(:1)', (share['name'],)).collect()
table_names.update([x['name'] for x in shared_objects if x['kind']=='TABLE'])
# find which of these table names don't have a ROW_ACCESS_POLICY on snowflake.account_usage.policy_references
return session.sql('''
with entities_with_row_access_policies as (
select ref_database_name || '.' || ref_schema_name || '.' || ref_entity_name full_name
from snowflake.account_usage.policy_references
where policy_kind = 'ROW_ACCESS_POLICY'
)
select value table_name
from table(split_to_table(:1, ','))
where table_name not in (
select full_name
from entities_with_row_access_policies
)
''', (','.join(table_names), ))
$$
call x();