users
Creates, updates, deletes, gets or lists a users resource.
Overview
| Name | users |
| Type | Resource |
| Id | snowflake.user.users |
Fields
| Name | Datatype | Description |
|---|---|---|
name | string | User name |
comment | string | Comment about the user. |
created_on | string | |
custom_landing_page_url | string | |
custom_landing_page_url_flush_next_ui_load | boolean | Whether or not to flush the custom landing page of the user on next UI load |
days_to_expiry | integer | How many days until this user expires |
default_namespace | string | The default namespace to use when this user starts a session |
default_role | string | The default role to use when this user starts a session |
default_secondary_roles | string | The default secondary roles of this user to use when starting a session. Only valid set values are ALL or NONE. Default is ALL after 2024-07 BCR. |
default_warehouse | string | The default warehouse to use when this user starts a session |
disabled | boolean | Has this user been disabled from the system |
display_name | string | Display name |
email | string | Email address |
enable_unredacted_query_syntax_error | boolean | Whether to show unredacted query syntax errors in the query history. |
expires_at | string | |
ext_authn_duo | boolean | |
ext_authn_uid | string | |
first_name | string | First name |
has_password | boolean | |
has_rsa_public_key | boolean | |
last_name | string | Last name |
last_successful_login | string | |
locked_until | string | |
login_name | string | Login name |
middle_name | string | Middle name |
mins_to_bypass_mfa | integer | How many minutes until MFA is required again |
mins_to_bypass_network_policy | integer | Temporary bypass network policy on the user for a specified number of minutes |
mins_to_unlock | integer | How many minutes until the account is unlocked after multiple failed logins |
must_change_password | boolean | Does this user need to change their password (e.g., after assigning a temp password) |
network_policy | string | Specifies an existing network policy is active for the user. Otherwise, use account default. |
owner | string | |
password | string | Password |
password_last_set | string | |
rsa_public_key | string | RSA public key of the user |
rsa_public_key_2 | string | Second RSA public key of the user |
rsa_public_key_2_fp | string | Fingerprint of the user's second RSA public key |
rsa_public_key_fp | string | Fingerprint of the user's RSA public key |
snowflake_lock | boolean | Whether the user, account, or organization is locked by Snowflake. |
snowflake_support | boolean | Whether Snowflake Support is allowed to use the user or account |
type | string | Indicates the type of user (PERSON | SERVICE | LEGACY_SERVICE) |
Methods
| Name | Accessible by | Required Params | Description |
|---|---|---|---|
fetch_user | SELECT | name, endpoint | Fetch user information using the result of the DESCRIBE command |
list_users | SELECT | endpoint | Lists the users in the system. |
create_user | INSERT | data__name, endpoint | Create a user according to the parameters given |
delete_user | DELETE | name, endpoint | Delete a user with the given name. |
create_or_alter_user | REPLACE | name, data__name, endpoint | Create a (or alter an existing) user. Even if the operation is just an alter, the full property set must be provided. Note that password is not currently altered by this operation but is supported for a newly-created object. |
SELECT examples
Lists the users in the system.
SELECT
name,
comment,
created_on,
custom_landing_page_url,
custom_landing_page_url_flush_next_ui_load,
days_to_expiry,
default_namespace,
default_role,
default_secondary_roles,
default_warehouse,
disabled,
display_name,
email,
enable_unredacted_query_syntax_error,
expires_at,
ext_authn_duo,
ext_authn_uid,
first_name,
has_password,
has_rsa_public_key,
last_name,
last_successful_login,
locked_until,
login_name,
middle_name,
mins_to_bypass_mfa,
mins_to_bypass_network_policy,
mins_to_unlock,
must_change_password,
network_policy,
owner,
password,
password_last_set,
rsa_public_key,
rsa_public_key_2,
rsa_public_key_2_fp,
rsa_public_key_fp,
snowflake_lock,
snowflake_support,
type
FROM snowflake.user.users
WHERE endpoint = '{{ endpoint }}';
INSERT example
Use the following StackQL query and manifest file to create a new users resource.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO snowflake.user.users (
data__name,
data__password,
data__login_name,
data__display_name,
data__first_name,
data__middle_name,
data__last_name,
data__email,
data__must_change_password,
data__disabled,
data__days_to_expiry,
data__mins_to_unlock,
data__default_warehouse,
data__default_namespace,
data__default_role,
data__default_secondary_roles,
data__mins_to_bypass_mfa,
data__rsa_public_key,
data__rsa_public_key_2,
data__comment,
data__type,
data__enable_unredacted_query_syntax_error,
data__network_policy,
endpoint
)
SELECT
'{{ name }}',
'{{ password }}',
'{{ login_name }}',
'{{ display_name }}',
'{{ first_name }}',
'{{ middle_name }}',
'{{ last_name }}',
'{{ email }}',
'{{ must_change_password }}',
'{{ disabled }}',
'{{ days_to_expiry }}',
'{{ mins_to_unlock }}',
'{{ default_warehouse }}',
'{{ default_namespace }}',
'{{ default_role }}',
'{{ default_secondary_roles }}',
'{{ mins_to_bypass_mfa }}',
'{{ rsa_public_key }}',
'{{ rsa_public_key_2 }}',
'{{ comment }}',
'{{ type }}',
'{{ enable_unredacted_query_syntax_error }}',
'{{ network_policy }}',
'{{ endpoint }}'
;
/*+ create */
INSERT INTO snowflake.user.users (
data__name,
endpoint
)
SELECT
'{{ name }}',
'{{ endpoint }}'
;
- name: users
props:
- name: data__name
value: string
- name: endpoint
value: string
- name: name
value: string
- name: password
value: string
- name: login_name
value: string
- name: display_name
value: string
- name: first_name
value: string
- name: middle_name
value: string
- name: last_name
value: string
- name: email
value: string
- name: must_change_password
value: boolean
- name: disabled
value: boolean
- name: days_to_expiry
value: integer
- name: mins_to_unlock
value: integer
- name: default_warehouse
value: string
- name: default_namespace
value: string
- name: default_role
value: string
- name: default_secondary_roles
value: string
- name: mins_to_bypass_mfa
value: integer
- name: rsa_public_key
value: string
- name: rsa_public_key_2
value: string
- name: comment
value: string
- name: type
value: string
- name: enable_unredacted_query_syntax_error
value: boolean
- name: network_policy
value: string
REPLACE example
Replaces all fields in the specified users resource.
/*+ update */
REPLACE snowflake.user.users
SET
name = '{{ name }}',
password = '{{ password }}',
login_name = '{{ login_name }}',
display_name = '{{ display_name }}',
first_name = '{{ first_name }}',
middle_name = '{{ middle_name }}',
last_name = '{{ last_name }}',
email = '{{ email }}',
must_change_password = true|false,
disabled = true|false,
days_to_expiry = '{{ days_to_expiry }}',
mins_to_unlock = '{{ mins_to_unlock }}',
default_warehouse = '{{ default_warehouse }}',
default_namespace = '{{ default_namespace }}',
default_role = '{{ default_role }}',
default_secondary_roles = '{{ default_secondary_roles }}',
mins_to_bypass_mfa = '{{ mins_to_bypass_mfa }}',
rsa_public_key = '{{ rsa_public_key }}',
rsa_public_key_2 = '{{ rsa_public_key_2 }}',
comment = '{{ comment }}',
type = '{{ type }}',
enable_unredacted_query_syntax_error = true|false,
network_policy = '{{ network_policy }}'
WHERE
name = '{{ name }}'
AND data__name = '{{ data__name }}'
AND endpoint = '{{ endpoint }}';
DELETE example
Deletes the specified users resource.
/*+ delete */
DELETE FROM snowflake.user.users
WHERE name = '{{ name }}'
AND endpoint = '{{ endpoint }}';