From 5d5243800c59279709301fab358c0a519669b9cf Mon Sep 17 00:00:00 2001 From: Itamar Hartstein Date: Tue, 7 Nov 2023 13:31:04 +0200 Subject: [PATCH] get_profile_creation_query: add query history permissions to redshift (#605) --- .../get_profile_creation_query.sql | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/macros/utils/cross_db_utils/get_profile_creation_query.sql b/macros/utils/cross_db_utils/get_profile_creation_query.sql index a859de611..4bd4a14cf 100644 --- a/macros/utils/cross_db_utils/get_profile_creation_query.sql +++ b/macros/utils/cross_db_utils/get_profile_creation_query.sql @@ -51,8 +51,26 @@ CALL GRANT_MONITOR_ON_ALL_WAREHOUSES('{{ parameters["role"] }}'); {% endmacro %} +{% macro redshift__get_profile_creation_query(parameters) %} +-- Create redshift user with unrestricted access to query history (allows Elementary to see queries generated by +-- any user) +CREATE USER {{ parameters["user"] }} WITH PASSWORD '{{ parameters["password"] }}' SYSLOG ACCESS UNRESTRICTED; + +-- Grant read access to the Elementary schema +GRANT USAGE ON SCHEMA {{ parameters["schema"] }} TO {{ parameters["user"] }}; +GRANT SELECT ON ALL TABLES IN SCHEMA {{ parameters["schema"] }} TO {{ parameters["user"] }}; +ALTER DEFAULT PRIVILEGES IN SCHEMA {{ parameters["schema"] }} GRANT SELECT ON TABLES TO {{ parameters["user"] }}; + +-- Grant metadata access to tables in the warehouse +GRANT SELECT ON svv_table_info to {{ parameters["user"] }}; +{% endmacro %} + + {% macro postgres__get_profile_creation_query(parameters) %} +-- Create postgres user CREATE USER {{ parameters["user"] }} WITH PASSWORD '{{ parameters["password"] }}'; + +-- Grant read access to the Elementary schema GRANT USAGE ON SCHEMA {{ parameters["schema"] }} TO {{ parameters["user"] }}; GRANT SELECT ON ALL TABLES IN SCHEMA {{ parameters["schema"] }} TO {{ parameters["user"] }}; ALTER DEFAULT PRIVILEGES IN SCHEMA {{ parameters["schema"] }} GRANT SELECT ON TABLES TO {{ parameters["user"] }};