diff --git a/admin/roles.sql b/admin/roles.sql index 4795031f..19821af0 100644 --- a/admin/roles.sql +++ b/admin/roles.sql @@ -63,26 +63,27 @@ TO ROLE recover_data_analytics; // AD USE ROLE USERADMIN; -CREATE ROLE IF NOT EXISTS ad_team; +CREATE ROLE IF NOT EXISTS AD; USE ROLE SECURITYADMIN; -GRANT ROLE ad_team +GRANT ROLE AD TO ROLE useradmin; -GRANT ROLE ad_team +GRANT ROLE AD TO USER "abby.vanderlinden@sagebase.org"; GRANT USAGE ON DATABASE sage -TO ROLE ad_team; +TO ROLE AD; // Public role // Synapse data warehouse // GRANT SELECT ON ALL TABLES IN SCHEMA synapse_data_warehouse.synapse TO ROLE PUBLIC; -GRANT SELECT ON FUTURE TABLES IN SCHEMA synapse_data_warehouse.synapse -TO ROLE PUBLIC; -GRANT USAGE ON FUTURE SCHEMAS IN DATABASE sage -TO ROLE PUBLIC; -GRANT SELECT ON FUTURE TABLES IN DATABASE sage -TO ROLE PUBLIC; -GRANT USAGE ON DATABASE sage -TO ROLE PUBLIC; +-- TODO: Add these back in after governance +-- GRANT SELECT ON FUTURE TABLES IN SCHEMA synapse_data_warehouse.synapse +-- TO ROLE PUBLIC; +-- GRANT USAGE ON FUTURE SCHEMAS IN DATABASE sage +-- TO ROLE PUBLIC; +-- GRANT SELECT ON FUTURE TABLES IN DATABASE sage +-- TO ROLE PUBLIC; +-- GRANT USAGE ON DATABASE sage +-- TO ROLE PUBLIC; USE ROLE USERADMIN; CREATE ROLE IF NOT EXISTS masking_admin; diff --git a/elt/AD_setup.sql b/elt/AD_setup.sql index 44245c6d..99d0c7f9 100644 --- a/elt/AD_setup.sql +++ b/elt/AD_setup.sql 
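Review bot: Commenting out the four `GRANT ... TO ROLE PUBLIC` statements at the end of the admin/roles.sql hunk withdraws nothing in an account where the script has already run. The future grants and `USAGE ON DATABASE sage` stay attached to PUBLIC, which every user holds, until they are explicitly revoked. The same commit deletes the `REVOKE ... FROM ROLE PUBLIC` lines from elt/synapse_gold.sql, so nothing in this diff enforces the restriction the TODO implies. If the intent is to withhold access until governance sign-off, replace the commented-out block with the matching revokes below, which run under the `USE ROLE SECURITYADMIN` already active at that point. Revoking a future grant leaves tables that already exist untouched, so any SELECT they already carry would need a separate `REVOKE SELECT ON ALL TABLES IN DATABASE sage FROM ROLE PUBLIC;`.

```sql
// Withheld from PUBLIC pending governance review; re-grant once approved.
REVOKE SELECT ON FUTURE TABLES IN SCHEMA synapse_data_warehouse.synapse
FROM ROLE PUBLIC;
REVOKE USAGE ON FUTURE SCHEMAS IN DATABASE sage
FROM ROLE PUBLIC;
REVOKE SELECT ON FUTURE TABLES IN DATABASE sage
FROM ROLE PUBLIC;
REVOKE USAGE ON DATABASE sage
FROM ROLE PUBLIC;
```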
@@ -1,36 +1,10 @@ use role sysadmin; -use database sage; +use database SAGE; -create or replace schema ad_team +create schema IF NOT EXISTS AD WITH MANAGED ACCESS; use role securityadmin; -grant ALL PRIVILEGES on schema sage_test.ad_team to role ad_team; -grant ALL PRIVILEGES on future tables in schema sage_test.ad_team to role sysadmin; +grant ALL PRIVILEGES on schema SAGE.AD to role ad_team; +grant ALL PRIVILEGES on future tables in schema SAGE.ad_team to role sysadmin; -- grant all privileges on table sage_test.ad_team.diverse_cohorts_fileview to role sysadmin; - -use role ad_team; -use database sage; -use schema ad_team; -COPY INTO "SAGE"."AD_TEAM"."DIVERSE_COHORTS_FILEVIEW" -FROM '@"SAGE"."AD_TEAM"."%DIVERSE_COHORTS_FILEVIEW"/__snowflake_temp_import_files__/' -FILES = ('Job-301735543709776341820576351.csv') -FILE_FORMAT = ( - TYPE=CSV, - SKIP_HEADER=1, - FIELD_DELIMITER=',', - TRIM_SPACE=FALSE, - FIELD_OPTIONALLY_ENCLOSED_BY='"', - DATE_FORMAT=AUTO, - TIME_FORMAT=AUTO, - TIMESTAMP_FORMAT=AUTO -) -ON_ERROR=ABORT_STATEMENT -PURGE=TRUE; - -SELECT * -FROM sage.ad_team.diverse_cohorts_fileview -limit 10; - -SELECT distinct("study") -FROM sage.portal_raw.AD; diff --git a/elt/synapse_gold.sql b/elt/synapse_gold.sql index 139c6216..6f62c057 100644 --- a/elt/synapse_gold.sql +++ b/elt/synapse_gold.sql 
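Review bot: The two added grants in elt/AD_setup.sql still use the old names. `grant ALL PRIVILEGES on schema SAGE.AD to role ad_team;` targets `ad_team`, while admin/roles.sql in this commit creates the role `AD`, and the future-tables grant names `SAGE.ad_team`, a schema this script no longer creates. As written, `AD` gets no privileges on `SAGE.AD`, the superseded `ad_team` role (which this commit never drops) receives all of them, and the second statement will presumably fail or apply to a leftover schema. Suggested: `grant ALL PRIVILEGES on schema SAGE.AD to role AD;` and `grant ALL PRIVILEGES on future tables in schema SAGE.AD to role sysadmin;`. `ALL PRIVILEGES` on the schema is also broad for a team role; granting only the privileges the team actually uses would keep it closer to least privilege.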
@@ -1,13 +1,7 @@ USE ROLE SYSADMIN; use database synapse_data_warehouse; use schema synapse; -use role securityadmin; -// GRANT SELECT ON ALL TABLES IN SCHEMA synapse_data_warehouse.synapse TO ROLE PUBLIC; -REVOKE SELECT ON ALL TABLES IN SCHEMA synapse_data_warehouse.synapse -FROM ROLE PUBLIC; -REVOKE SELECT ON FUTURE TABLES IN SCHEMA synapse_data_warehouse.synapse -FROM ROLE PUBLIC; --- GRANT SELECT ON FUTURE TABLES IN SCHEMA synapse_data_warehouse.synapse TO ROLE PUBLIC; + // Create certified quiz question latest CREATE TABLE IF NOT EXISTS synapse_data_warehouse.synapse.certifiedquizquestion_latest AS select distinct * from synapse_data_warehouse.synapse_raw.certifiedquizquestion