Access Grants
Retrieves Snowflake access grants for auditing role-based permissions and privilege assignments.
Requirements
- You must have a snowflake account and access to creating a service account user, create a role and assign it.
- Monad uses key pair authentication you can follow the Snowflake docs on how to set this up here. Be sure to have your private and public keys handy.
- Create a new snowflake service account user with the following command
CREATE USER monad_service_account
COMMENT = 'Service account for monad snowflake output'
type = 'service'
RSA_PUBLIC_KEY='Your RSA Public Key';
- We need to create a new role for this service account.
-- Create a custom role for the service account
CREATE ROLE monad_service_account_role;
-- Grant the role to the service account
GRANT ROLE monad_service_account_role TO USER monad_service_account;
Details
Monad uses the cron field to schedule the input at specific intervals, returning all users across the account in each sync.
Configuration
The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below.
Settings
| Setting | Type | Required | Description |
|---|---|---|---|
| Cron | string | Yes | Cron string for scheduling tasks. Ex: '0 0 * * *' for daily execution at midnight. |
| Account | string | Yes | The unique identifier for your Snowflake account, typically in the form of 'organization-account_name' |
| User | string | Yes | The username of the Snowflake account used to establish the connection |
| role | string | Yes | The name of the role the service account user will use |
Secrets
| Secret | Type | Required | Description |
|---|---|---|---|
| Private Key | string | Yes | The RSA private key used to authenticate |
| Password | string | Yes | Snowflake password used to authenticate |
Note: One out of Private Key and Password can be used to authenticate with this input.
Sample Record
{
"created_on": "2025-08-11T23:46:45.191638Z",
"granted_by": "Jane Jones",
"granted_to": "ROLE",
"grantee_name": "PUBLIC",
"role": "SYSADMIN",
"enabled": true
}