berachain-models/macros/admin/run_streamline_dev_permissions.sql

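{% macro run_streamline_dev_permissions(project_name) %}
{#
  Bootstraps the Snowflake roles, the <project_name>_dev database, its schemas and
  the Streamline grants for a project's DEV environment.

  Args:
    project_name: project identifier spliced into role, database and schema names
                  (dbt_cloud_<project_name>, aws_lambda_<project_name>_api,
                  <project_name>_dev, streamline.<project_name>_dev).

  Prerequisites:
    - Run this before the api integration is created.
    - The aws_lambda_<project_name>_api and dbt_cloud_<project_name> users should
      both exist before running this macro.

  Security notes:
    - Most statements execute as ACCOUNTADMIN and project_name is interpolated
      straight into identifiers, so it is validated below before any SQL is built.
    - The script is sent in a single run_query call with no transaction around it.
      NOTE(review): a failure part-way through presumably leaves the earlier
      grants in place - confirm and re-run after fixing the cause.
#}
{# Reject anything that is not a plain unquoted Snowflake identifier: a missing
   argument or a name containing spaces, quotes or semicolons would otherwise
   alter the statements that run under ACCOUNTADMIN. #}
{% if project_name is not string or not modules.re.fullmatch('[A-Za-z_][A-Za-z0-9_$]*', project_name) %}
{% do exceptions.raise_compiler_error("run_streamline_dev_permissions: project_name must be a plain unquoted identifier (letters, digits, _ or $, not starting with a digit); got: " ~ project_name) %}
{% endif %}
{% set sql %}
use role accountadmin;
use warehouse dbt;
create role IF NOT EXISTS dbt_cloud_{{ project_name }};
create role IF NOT EXISTS aws_lambda_{{ project_name }}_api;
grant role aws_lambda_{{ project_name }}_api to user aws_lambda_{{ project_name }}_api;
grant role internal_dev to role aws_lambda_{{ project_name }}_api;
grant usage on warehouse dbt_cloud to role aws_lambda_{{ project_name }}_api;
--Create dbt_cloud_{{ project_name }} role and grant permissions
grant role dbt_cloud_{{ project_name }} to role ACCOUNTADMIN;
grant role internal_dev to role dbt_cloud_{{ project_name }};
grant create integration on account to role dbt_cloud_{{ project_name }};
grant usage on warehouse dbt_cloud to role dbt_cloud_{{ project_name }};
--Grants necessary for DB cloning
{# NOTE(review): the three grants below are account-level. MANAGE GRANTS lets the
   role grant or revoke privileges on any object in the account, which is far
   broader than the DEV database; confirm cloning really needs it at account
   scope and audit use of this role. #}
grant create database on account to role dbt_cloud_{{ project_name }};
grant manage grants on account to role dbt_cloud_{{ project_name }};
grant execute task on account to role dbt_cloud_{{ project_name }};
--Create Database and Grant Perms
use role internal_dev;
create database if not exists {{ project_name }}_dev;
grant usage on database {{ project_name }}_dev to role aws_lambda_{{ project_name }}_api;
grant usage on database {{ project_name }}_dev to role dbt_cloud_{{ project_name }};
grant usage on database {{ project_name }}_dev to role internal_dev;
grant usage on database {{ project_name }}_dev to role datascience;
--Create Streamline Schema and Grant Permissions
create schema if not exists {{ project_name }}_dev.bronze;
create schema if not exists {{ project_name }}_dev._internal;
create schema if not exists {{ project_name }}_dev.silver;
create schema if not exists {{ project_name }}_dev.streamline;
create schema if not exists streamline.{{ project_name }}_dev;
use role accountadmin;
--Grant schema usage first
grant usage on schema {{ project_name }}_dev.streamline to role aws_lambda_{{ project_name }}_api;
--Then grant object permissions
{# The FUTURE grants make every view, table and function later created in this
   schema available to the lambda role automatically; keep anything it should
   not read out of {{ project_name }}_dev.streamline. #}
grant select on all views in schema {{ project_name }}_dev.streamline to role aws_lambda_{{ project_name }}_api;
grant select on all tables in schema {{ project_name }}_dev.streamline to role aws_lambda_{{ project_name }}_api;
grant usage on all functions in schema {{ project_name }}_dev.streamline to role aws_lambda_{{ project_name }}_api;
grant select on future views in schema {{ project_name }}_dev.streamline to role aws_lambda_{{ project_name }}_api;
grant select on future tables in schema {{ project_name }}_dev.streamline to role aws_lambda_{{ project_name }}_api;
grant usage on future functions in schema {{ project_name }}_dev.streamline to role aws_lambda_{{ project_name }}_api;
--Permissions for Streamline external tables
grant usage on schema streamline.{{ project_name }}_dev to role aws_lambda_{{ project_name }}_api;
grant select on all tables in schema streamline.{{ project_name }}_dev to role aws_lambda_{{ project_name }}_api;
grant select on all views in schema streamline.{{ project_name }}_dev to role aws_lambda_{{ project_name }}_api;
grant select on future tables in schema streamline.{{ project_name }}_dev to role aws_lambda_{{ project_name }}_api;
grant select on future views in schema streamline.{{ project_name }}_dev to role aws_lambda_{{ project_name }}_api;
grant usage on schema streamline.{{ project_name }}_dev to role streamline_snowflake;
grant create external table on schema streamline.{{ project_name }}_dev to role streamline_snowflake;
grant create stage on schema streamline.{{ project_name }}_dev to role streamline_snowflake;
{% endset %}
{# Log the rendered script before executing it so the run output records exactly
   which grants were issued. #}
{% do log(sql, info=true)%}
{% do run_query(sql) %}
{% do log("Streamline DEV Permissions for " ~ project_name ~ " successfully ran", true) %}
{% endmacro %}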