(Glue-2405) App Authorizations

The native application currently has four application roles:

SNP_GLUE_APP

This application role grants you access to the APP schema and all of its contents. It is a read-only permission; at the moment it grants access to the settings, active tables, and other application metadata.

SNP_GLUE_CORE

In the case of using this application as an API only, granting this application role will suffice.

This application role grants access to all stored procedures within the application. Thus, it allows complete control over the application except for granting application roles. It must be granted to the SNP Glue™ user for successful table replication.

SNP_GLUE_SAP

All objects created by the application, e.g. replicated tables, will be invisible without this application role.

This application role grants access to all databases and schemas created by the application, and their replicated tables, tasks, views, streams, and merge tables. All access is read-only except for the replicated and merge tables, on which all privileges are granted. It must be granted to the SNP Glue™ user for successful table replication.

This role also contains 5 sub-roles. Each of them grants permission on one type of object the application generates.

SNP_GLUE_SAP_MERGE_TABLE

Grants you read-write access to merge tables, tables containing de-duplicated data, generated by the application.

SNP_GLUE_SAP_STAGE_TABLE

Grants you read-only access to stage tables, tables where data is loaded from glue, generated by the application.

SNP_GLUE_SAP_STREAM

Grants you read-only access to streams generated by the application.

SNP_GLUE_SAP_TASK

Grants you read-only access to tasks generated by the application.

SNP_GLUE_SAP_VIEW

Grants you read-only access to views generated by the application.

SNP_GLUE_UI

In case UI access is sufficient, only grant this application role.

This application role grants access to the Streamlit UI. Therefore, the user will be able to use the front end of the application.

Granting Application roles:

There are two ways to grant application roles: the first is to run commands in a worksheet, and the second is to use the app’s Streamlit UI.

  1. In a worksheet, run:
     GRANT APPLICATION ROLE SNP_GLUE_CORE TO ROLE "<Account role>";
     GRANT APPLICATION ROLE SNP_GLUE_SAP TO ROLE "<Account role>";
  2. After opening the Streamlit UI, click Manage Access in the top-right corner. Select the account role to which you want to grant privileges. Then select the application roles to be granted by clicking on the currently granted privileges, click Done, and then Done again.
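
The worksheet method above, extended into a least-privilege split between the replication user and read-only consumers, with an audit step. This is an added example, not part of the SNP Glue documentation: `<app_name>`, `GLUE_REPLICATION` and `GLUE_ANALYST` are hypothetical placeholders, and it assumes the sub-roles can be granted individually, which the role list implies but does not show.

```sql
-- Added example. Placeholders (not from the SNP Glue documentation):
--   <app_name>        name under which the native app is installed
--   GLUE_REPLICATION  hypothetical account role held by the SNP Glue user
--   GLUE_ANALYST      hypothetical account role for read-only consumers

-- 1. Confirm which application roles the installed app exposes
--    before granting anything.
SHOW APPLICATION ROLES IN APPLICATION <app_name>;

-- 2. Replication identity: the page requires both CORE and SAP for
--    successful table replication. CORE gives complete control over
--    the application's stored procedures, so keep its holders few.
CREATE ROLE IF NOT EXISTS GLUE_REPLICATION;
GRANT APPLICATION ROLE <app_name>.SNP_GLUE_CORE TO ROLE GLUE_REPLICATION;
GRANT APPLICATION ROLE <app_name>.SNP_GLUE_SAP  TO ROLE GLUE_REPLICATION;

-- 3. Consumers: grant only the sub-role for the object type they read
--    (views here), not the parent SNP_GLUE_SAP role, which carries
--    all privileges on the replicated and merge tables.
--    Assumption: sub-roles are grantable on their own.
CREATE ROLE IF NOT EXISTS GLUE_ANALYST;
GRANT APPLICATION ROLE <app_name>.SNP_GLUE_SAP_VIEW TO ROLE GLUE_ANALYST;

-- 4. Audit: list every grantee of the two high-privilege roles.
--    Anything other than GLUE_REPLICATION in the output is drift.
SHOW GRANTS OF APPLICATION ROLE <app_name>.SNP_GLUE_CORE;
SHOW GRANTS OF APPLICATION ROLE <app_name>.SNP_GLUE_SAP;

-- 5. Remediation for an unexpected grantee found in step 4.
REVOKE APPLICATION ROLE <app_name>.SNP_GLUE_CORE FROM ROLE GLUE_ANALYST;
```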
