Snowflake User Default Role is not set
- Contextual name: Default Role is not set
- ID: /ce/ca/snowflake/user/default-role-is-not-set
- Located in: Snowflake User
Flags
- Policy with categories
- Policy with type
- Production policy
Our Metadata
- Policy Type: COMPLIANCE_POLICY
- Policy Category: SECURITY
Logic
- prod.logic.yaml
- Snowflake User
- Snowflake User - object.extracts.yaml
- test-data.json
Description
Ensure that each Snowflake user account has a designated Default Role configured.
Rationale
Assigning a Default Role to users reinforces the principle of least privilege by clearly defining the initial set of permissions available upon login. This practice:
- Provides predictable and controlled access at session start.
- Supports standardized access management and auditing across the organization.
Audit
This policy marks a Snowflake User as INCOMPLIANT if the Default Role Name field is empty.
Remediation
Using SQL
The executing role must hold the OWNERSHIP privilege on the target user account to modify its properties via SQL.
To assign a default role to a Snowflake user, execute the following SQL command:

```sql
ALTER USER {{username}}
SET DEFAULT_ROLE = {{role_name}};
```

Note: The specified {{role_name}} must already exist in Snowflake.
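The audit and remediation above as one worksheet session. This is an added example, not part of the Cloudaware policy logic. `JSMITH` and `ANALYST` are constructed placeholder names, and it assumes the executing role can run `SHOW USERS` and owns the target user.

```sql
-- Added example; JSMITH and ANALYST are constructed placeholder names.

-- 1. Audit: list users whose default role is empty,
--    i.e. the accounts this policy would flag.
SHOW USERS;

SELECT "name", "login_name", "disabled", "default_role"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE "default_role" IS NULL
   OR TRIM("default_role") = ''
ORDER BY "name";

-- 2. Remediate one flagged user.
--    Confirm the role exists before referencing it.
SHOW ROLES LIKE 'ANALYST';

--    Setting DEFAULT_ROLE does not grant the role. Without this grant
--    the user cannot activate the default role at session start.
GRANT ROLE ANALYST TO USER JSMITH;

ALTER USER JSMITH
SET DEFAULT_ROLE = ANALYST;

-- 3. Verify: the property is populated and the role is actually granted.
DESCRIBE USER JSMITH;

SELECT "property", "value"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE "property" = 'DEFAULT_ROLE';

SHOW GRANTS TO USER JSMITH;
```

Choose the least-privileged role the user needs for routine work as the default, since it is the role active at login.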
policy.yaml
Linked Framework Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
Cloudaware Framework → User Account Management | 16 |