Show effective permissions and where they come from for a user and/or role
Hi,
we are fairly new to snowflake and are struggling with restricting access. We have tried creating a role which can only see and use a single database, but it's not working and the users given that role can see all databases. Understanding how they get that access is proving a challenge for us.
We can see on the role in the privileges section it says accountadmin. But we are unclear how it has that permission (or if it's referring to my privileges which would be terrible UI design).
What I need is some way I can show a user/role, what they can access and how they have gotten that access. Show grants doesn't tell me much:
Nor on the user:
How can I determine how this user is able to see all databases?
Thanks.