(Glue-2305) App Authorizations

Owned by Robert Adamec
Last updated: Jul 06, 2023 by Marian Vidra
2 min read

Currently, there are four application roles with the native application:

SNP_GLUE_APP

This application role grants you access to the APP’s schema and all of its contents. It is read-only permission and at the moment it grants access to the settings, logs, and active tables.

SNP_GLUE_CORE

In the case of using this application as an API only, granting this application role will suffice.

This application role grants access to all stored procedures within the application. Thus, it allows complete control over the application except for application role granting. Must be granted to SNP GlueTM user for successful table replication.

SNP_GLUE_SAP

All objects created inside the Source schemas, e.g. replicated table, will be invisible without this application role.

This application role grants access to all sources, their replicated tables, tasks, views, streams, and historical tables. All-access is read-only except the replicated tables, on which all privileges are granted. Must be granted to SNP GlueTM user for successful table replication.

SNP_GLUE_UI

In case UI is sufficient for controlling the app, only grant this application role.

This application role grants access to the Streamlit UI. Therefore, the user will be able to use the front end of the application.

Granting Application roles:

There are 2 ways to grant application roles, the first one is using commands in a worksheet and the second one is using the app’s Streamlit UI.

  1. GRANT APPLICATION ROLE SNP_GLUE_CORE TO ROLE "<Account role>"; GRANT APPLICATION ROLE SNP_GLUE_SAP TO ROLE "<Account role>";

  2. After opening the Streamlit UI, click Manage Access in the right-top corner. Select to which account role you want to grant privileges. Then select application roles to be granted by clicking on the currently granted privileges, click Done, and then Done again.