小贝子编程

雪花:无法将屏蔽策略分配给标记



我正试图为雪花中的标记分配一个屏蔽策略,但我遇到了所需权限的问题,或者根据我使用的角色缺少对象。

如何进行:

use database DATABASE;
use schema SCHEMA;
--CREATE TAG
create or replace tag sensitive_values; 
--CREATE MASKING POLICY 
create or replace masking policy values_mask as (val int) returns int ->
case
when current_role() in ('SYSADMIN') then val
else null 
end;
--ASSOCIATE MASKING POILCY AND TAG 
alter tag DATABASE.SCHEMA.sensitive_values set masking policy values_mask;

当我使用角色SECURITYADMIN时,我会出现以下错误:SQL compilation error: Database 'DATABASE' does not exist or not authorized.

当我使用角色SYSADMIN时,我会出现以下错误:SQL access control error: Insufficient privileges to operate on tag 'SENSITIVE_VALUES'

我错过了什么?

根据@TomMeacham的建议,我创建了一个特定的角色来管理我的标签:

--CREATE ROLE
use role securityadmin;
create role tag_admin comment = "Admin role manage tag";

GRANT USAGE ON DATABASE DATABASE_NAME TO ROLE tag_admin;
GRANT USAGE ON SCHEMA DATABASE_NAME.SCHEMA_NAME TO ROLE tag_admin;
grant create masking policy on schema DATABASE_NAME.SCHEMA_NAME to role tag_admin;
grant create tag on schema DATABASE_NAME.SCHEMA_NAME to role tag_admin;
use role accountadmin;
grant apply tag on account to tag_admin;
grant apply masking policy on account to role tag_admin;
GRANT ROLE tag_admin TO USER USER_NAME; 
--ASSIGN TAG TO MASKING POLICY 
use role tag_admin;
use database DATABASE_NAME;
use schema SCHEMA_NAME;
alter tag DATABASE_NAME.SCHEMA_NAME.sensitive_values set masking policy values_mask;

现在,标记被分配给屏蔽策略。

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium