Snowflake Read-Only User Setup

-- set variables (these need to be uppercase)

SET MAGNIFY_ROLE = 'ROLE_NAME';
SET MAGNIFY_USERNAME = 'USER_NAME';

-- set user password

SET MAGNIFY_PASSWORD = 'PASSWORD';
SET MAGNIFY_WAREHOUSE = 'WAREHOUSE_NAME';
SET DATABASE_NAME = 'NAME_OF_THE_DATABASE';

BEGIN;

-- create Magnify role

CREATE ROLE IF NOT EXISTS IDENTIFIER($MAGNIFY_ROLE);
CREATE USER IF NOT EXISTS IDENTIFIER($MAGNIFY_USERNAME)
PASSWORD = $MAGNIFY_PASSWORD
DEFAULT_ROLE = $MAGNIFY_ROLE
DEFAULT_WAREHOUSE = $MAGNIFY_WAREHOUSE;
GRANT ROLE IDENTIFIER($MAGNIFY_ROLE) TO USER IDENTIFIER($MAGNIFY_USERNAME);

-- grant schema access

GRANT USAGE ON DATABASE IDENTIFIER($DATABASE_NAME) to role IDENTIFIER($MAGNIFY_ROLE);
GRANT USAGE ON DATABASE IDENTIFIER($DATABASE_NAME) to role IDENTIFIER($MAGNIFY_ROLE);
GRANT USAGE ON SCHEMA <DATABASE_NAME>.<SCHEMA_NAME> to role IDENTIFIER($MAGNIFY_ROLE);
GRANT SELECT ON ALL TABLES IN DATABASE IDENTIFIER($DATABASE_NAME) to role IDENTIFIER($MAGNIFY_ROLE);
GRANT SELECT ON FUTURE TABLES IN DATABASE IDENTIFIER($DATABASE_NAME) to role IDENTIFIER($MAGNIFY_ROLE);

COMMIT;

GRANT USAGE ON DATABASE <DATABASE_NAME> TO ROLE <ROLE_NAME>;
GRANT USAGE ON SCHEMA <DATABASE_NAME>.<SCHEMA_NAME> TO ROLE <ROLE_NAME>;

-- The below query needs to be ran for each table/view to integrate

GRANT SELECT ON TABLE<DATABASE_NAME>.<SCHEMA_NAME>.<TABLE/VIEW NAME> TO ROLE <ROLE_NAME>;