Why does the Snowflake connector need the OWNERSHIP role?

  • Is this your first time deploying Airbyte?: No
  • OS Version / Instance: Windows
  • Memory / Disk: not specified
  • Deployment: Kubernetes
  • Airbyte Version: 0.35.65-alpha
  • Source name/version: MongoDB (0.1.13)
  • Destination name/version: Snowflake (0.4.24)
  • Step: This is related to the steup of the connector
  • Description:

I am trying to plan a deployment of many Snowflake Objects into my Snowflake environment, and have come across the need for the Snowflake destination ROLE to be granted the OWNERSHIP privilege
(seen here: Snowflake | Airbyte Documentation)

This is causing complications to my scripts, so I am trying to understand why the ROLE requires OWNERSHIP - and what alternative I can use safely?

Hi @markmacumber,
The role needs to have the OWNERSHIP privilege because it should be able to create and manage the Snowflake resources in the database and schema.

Why is it causing complications? Did you have an alternative privilege in mind?

Hi @alafanechere

The complications are contextual to my integration situation, but basically there may be other roles that need to have OWNERSHIP on that DB - which you cannot share multiple db owners.

It is feasible to grant CREATE/ALTER/etc. privileges and still work OK? From the Snowflake doco the OWNERSHIP is a special privilege that allows change of ownership and renaming of object so seems like you could get away with it?

The safest way would be to create a dedicated DB for Airbyte. But you can try to tweak it as you suggested and see if it works! Let me know how it goes.

thanks again @alafanechere - ill try that for now, feel risky to avoid the OWNER permission in case something is needed in a future version