Taylor Paddock on 30 Jan 2019 00:14:56
Currently, the Snowflake user's default role is used for the connection. Need the ability to specify a Snowflake role if a user is assigned to more than one role. Role is already an optional parameter in the ODBC connector that is required to be installed. Using the ODBC connector instead will not work as DirectQuery is needed from the Snowflake Connector.
- Comments (17)
RE: Add support for Role in Snowflake Connector
Without this feature we have to deal with a painful workaround of running a secondary data security provisioning in the database where we could simply rely on roles. However, when we have more than one subject that could be segregated by roles we always facing the issue with people having access to more than one subject. Creating roles that are combinations of roles does not scale... We need to be able to specify a role for a particular session/connection!
RE: Add support for Role in Snowflake Connector
This is very much needed for line of business reporting.
RE: Add support for Role in Snowflake Connector
This feature is very critical and needed
RE: Add support for Role in Snowflake Connector
Pretty crazy that you can't specify this outside the DSN... needed for users with access to multiple roles.
RE: Add support for Role in Snowflake Connector
Is this supported now?
RE: Add support for Role in Snowflake Connector
Please vote for this one too!
https://ideas.powerbi.com/forums/265200-power-bi-ideas/suggestions/33350926-snowflake-connector-add-sql-statement-as-option
RE: Add support for Role in Snowflake Connector
Snowflake security administrators can assign only one default role to a user account. Per vendor recommendations, members of built-in roles (e.g. SECURITYADMIN, SYSADMIN, and ACCOUNTADMIN) are encouraged to assign a low-privilege default role. Those users must elevate their security token to perform DBA like tasks and will generally have insufficient permissions to read from user-defined content hosted in the Snowflake account. With interactive sessions and other BI tools, those user accounts can issue statements like "USE ROLE mydatabase_db_reader" to change security contexts for BI client purposes. The inability to alter the default role limits some users from being able to access all of the database tables and views that would otherwise be available using other BI tools that support the USE ROLE semantics.