I’m a Data Engineer/Consultant working with a client that is moving into Snowflake, where we will not own the whole account ourselves, but will manage our own databases, roles etc. As we currently make extensive use of Pulumi to manage our AWS infra, it would be really nice if we could manage Snowflake with the same codebase.
The big problem we are facing is that there is no full separation between “environments”/stacks in Snowflake, i.e. users, roles and grants are visible for the whole account, while database-level objects like schemas and tables are naturally separated.
Any tips, ideas or pointers are welcome in how to best solve this!
For the interested: After some internal deliberation, we have opted to go the “namespace” route, where all sf resources visible throughout the accounts will be suffixed with the stack name, such that roles will be named like:
depending on what “environment”/stack it belongs to.
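
A sketch of the suffix scheme with a check that grants stay inside one stack, as an added example that is not part of the original post. The helper names, stack names and role names are hypothetical, the sample grants are constructed, and the `_` separator is an assumption.

```python
import re

# Snowflake unquoted identifiers: letter or underscore first, then letters,
# digits, underscores or dollar signs; at most 255 characters; stored upper-case.
_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_$]*$")


def scoped_name(base, stack):
    """Account-level name for `base` in `stack`: stack name as suffix."""
    name = f"{base}_{stack}".upper()
    if len(name) > 255 or not _IDENT.match(name):
        raise ValueError(f"not a valid unquoted Snowflake identifier: {name!r}")
    return name


def owning_stack(name, stacks):
    """Map a name back to its stack by suffix, or None if it matches no stack.

    The longest suffix wins, so with stacks dev and pre_dev the name
    LOADER_PRE_DEV is attributed to pre_dev, not dev.
    """
    upper = name.upper()
    for stack in sorted(stacks, key=len, reverse=True):
        if upper.endswith("_" + stack.upper()):
            return stack
    return None


def cross_stack_grants(grants, stacks):
    """Return (role, grantee) pairs that do not stay inside one stack.

    A name matching no stack is outside the stacks we manage in the shared
    account, so a grant touching it is reported too.
    """
    flagged = []
    for role, grantee in grants:
        a, b = owning_stack(role, stacks), owning_stack(grantee, stacks)
        if a is None or b is None or a != b:
            flagged.append((role, grantee))
    return flagged


# Constructed sample data: hypothetical stacks and role-to-role grants.
STACKS = ["dev", "pre_dev", "prod"]
GRANTS = [
    (scoped_name("reader", "dev"), scoped_name("loader", "dev")),
    (scoped_name("reader", "prod"), scoped_name("loader", "dev")),
    ("SYSADMIN", scoped_name("loader", "prod")),
]
```

A base name that itself ends in another stack's name stays ambiguous under suffix matching, so base names should be checked against the stack list as well.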