在DBT Cloud中,使用雪花使用Snowflake创建“ DBT Transformer”的好标准是一个好标准。 DBT Run使用的角色 - 我的不起作用
我可以完成DBT上班的唯一方法是将其连接成一个帐户(糟糕)。执行DBT模型时,任何其他角色都会使我“表XXX上的特权不足”。我正在使用连接到雪花的DBT云。我创建了以下角色,我想使用的角色,但是我的赠款似乎不起作用,可以允许使用这个新角色来运行我的模型。
创建对象
。
dbt_user的形式连接,并在Analytics.dbt_ddumas中
我的dbt云“ dev”目标配置文件以
use role accountadmin;
CREATE ROLE dbt_role
GRANT ROLE dbt_role TO ROLE sysadmin
GRANT USAGE ON WAREHOUSE transform_wh TO ROLE dbt_role
GRANT ALL ON database analytics TO ROLE dbt_role
grant ALL ON ALL schemas in database analytics to role dbt_role;
grant ALL ON future schemas in database analytics to role dbt_role;
grant ALL ON ALL tables in SCHEMA analytics.dbt_ddumas to role dbt_role;
grant ALL ON future tables in SCHEMA analytics.dbt_ddumas to role dbt_role;
grant ALL ON ALL views in SCHEMA analytics.dbt_ddumas to role dbt_role;
grant ALL ON future views in SCHEMA analytics.dbt_ddumas to role dbt_role;
CREATE USER dbt_user PASSWORD = 'Password123' MUST_CHANGE_PASSWORD = FALSE;
GRANT ROLE dbt_role TO USER dbt_user;
The only way I can get dbt run to work is by connecting as an accountadmin (bad). Any other role gives me "insufficient privileges on table xxx" when executing dbt models. I am using DBT cloud connecting to snowflake. I have created the following with a role that I wanted to use, but it seems that my grants do not work, to allow running my models with this new role.
my dbt cloud "dev" target profile connects as dbt_user, and creates objects in analytics.dbt_ddumas
Below is my grant script, run by an accountadmin:
There must be an easier way than this below, which is not even working :(
Dave
use role accountadmin;
CREATE ROLE dbt_role
GRANT ROLE dbt_role TO ROLE sysadmin
GRANT USAGE ON WAREHOUSE transform_wh TO ROLE dbt_role
GRANT ALL ON database analytics TO ROLE dbt_role
grant ALL ON ALL schemas in database analytics to role dbt_role;
grant ALL ON future schemas in database analytics to role dbt_role;
grant ALL ON ALL tables in SCHEMA analytics.dbt_ddumas to role dbt_role;
grant ALL ON future tables in SCHEMA analytics.dbt_ddumas to role dbt_role;
grant ALL ON ALL views in SCHEMA analytics.dbt_ddumas to role dbt_role;
grant ALL ON future views in SCHEMA analytics.dbt_ddumas to role dbt_role;
CREATE USER dbt_user PASSWORD = 'Password123' MUST_CHANGE_PASSWORD = FALSE;
GRANT ROLE dbt_role TO USER dbt_user;
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
对于任何与雪花新手新手DBT新手的人,这是您需要做的事情,以设置DBT角色以运行模型,测试等,DBT Run,DBT测试等
经过很多挫败感,并且愿意节省他人的痛苦I经历了...
这是针对较低的环境。前开发或测试
步骤0:登录为AccountAdmin,或让AccountAdmin执行此操作:
步骤1:创建一个仓库。前任。 transform_wh
步骤2:创建数据库EX。分析
在下面运行此操作,将正确的密码替换为DBT_USER:
注意:不要以AccountAdmin的形式创建任何模式。那是我的主要问题,所以不要犯这个错误。回复此消息的用户的答复不知道这一点,他的答复也将起作用。执行DBT_RUN时,DBT_LOADER_DEV角色将执行此操作。如果您这样做,则在尝试创建模式,表和视图时,DBT_LOADER_DEV将获得“特权不足”错误。
- 应授予Sysadmin的自定义角色
- 这些赠款是您需要运行的全部,以便DBT_LOADER_DEV可以完成任何DBT运行,DBT测试等所需的一切
!享受!
戴夫(编辑)
For anyone who is new to DBT with snowflake, here is what you need to do to setup a dbt role to run models, test, etc with dbt run, dbt test, etc
After much frustration, and a willingness to save others the pain I went through...
This is for a lower environment . Ex dev or test
Step 0: Login as an accountadmin, or have an accountadmin do this:
Step 1: create a warehouse . Ex. transform_wh
Step 2: create a database Ex. Analytics
Run this below, substituting the proper password for dbt_user:
NOTE: DO NOT CREATE ANY SCHEMAS AS ACCOUNTADMIN. That was my main problem, so do not make that mistake. The reply from the user who replied to this message did not know that, and his reply would work also. The dbt_loader_dev role will do this as you execute dbt_run. If you do, dbt_loader_dev will get "insufficient privileges" errors when trying to create schemas, tables, and views.
-- custom roles should be granted to sysadmin
-- these grant are all you need to run so that dbt_loader_dev can do all that it needs to for any dbt run, dbt test, etc
That's it! Enjoy!
Dave (edited)
我建议遵循克莱尔(Claire)在 dbt话语涵盖了这个确切的主题。
确切了解您无法从中读取哪个表,模式或数据库将很有帮助。您说
我的DBT Cloud“ Dev”目标配置文件作为DBT_USER连接,并在Analytics.dbt_ddumas中创建对象,但是它从中读取了哪些数据库和模式? (您的来源在哪里)?您的大多数赠款都将面向读取现有数据,因为DBT Cloud将创建您的dbt_ddumasschema,因此拥有它以及它创建的其他所有关系。假设您的原始数据位于名为
RAW的数据库中,那么我将您的脚本更改为:I recommend following the excellent article by Claire on the dbt Discourse that covers this exact topic.
It would be helpful to know exactly what table, schema, or database you are unable to read from. You say
my dbt cloud "dev" target profile connects as dbt_user, and creates objects in analytics.dbt_ddumas, but what databases and schemas is it reading from? (Where are your sources located)? Most of your grants will be oriented to reading existing data, since dbt Cloud will create yourdbt_ddumasschema, and therefore own it and every other relation that it creates.Assuming your raw data is located in a database called
raw, then I would change your script to: