Problem
When the user provides a grants config and there is an existing database role with access to a model, dbt-snowflake may attempt to revoke permissions on this database role. dbt-snowflake does not manage database roles so the DDL that is produced is incorrect, resulting in an error. This bug shows up in particular for incremental models where dbt-snowflake attempts to reconcile permissions on a persistent object; normally tables/views are dropped and recreated so there is no need to revoke permissions.
Solution
Remove database roles when standardizing the grants dict, as is done for OWNERSHIP permissions and SHARE grants.
Checklist
[x] I have run this code in development and it appears to resolve the stated issue
[x] This PR includes tests, or tests are not required/relevant for this PR
[x] This PR has no interface changes (e.g. macros, cli, logs, json artifacts, config files, adapter interface, etc) or this PR has already received feedback and approval from Product or DX
resolves #1151
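The filtering described under Solution, as an added sketch that is not code from this PR or from dbt-snowflake: it standardizes rows shaped like `SHOW GRANTS ON <object>` output and shows how skipping database roles changes the set of grants queued for revocation. The function names, the sample rows and the `DATABASE_ROLE` value in `granted_to` are assumptions made for illustration.

```python
# Constructed sample rows (only the columns used here; all role names are made up).
SAMPLE_ROWS = [
    {"privilege": "OWNERSHIP", "granted_to": "ROLE", "grantee_name": "TRANSFORMER"},
    {"privilege": "SELECT", "granted_to": "ROLE", "grantee_name": "REPORTER"},
    {"privilege": "SELECT", "granted_to": "ROLE", "grantee_name": "LEGACY_BI"},
    {"privilege": "SELECT", "granted_to": "DATABASE_ROLE", "grantee_name": "ANALYTICS_READ"},
    {"privilege": "SELECT", "granted_to": "SHARE", "grantee_name": "PARTNER_SHARE"},
]

# Grantee types the grants config does not manage (assumed values).
UNMANAGED_GRANTEE_TYPES = frozenset({"SHARE", "DATABASE_ROLE"})


def standardize_grants(rows, skip_types=UNMANAGED_GRANTEE_TYPES):
    """Return {privilege: [grantee, ...]} limited to grants the config manages."""
    grants = {}
    for row in rows:
        # OWNERSHIP is never reconciled; unmanaged grantee types are skipped so
        # no REVOKE statement is ever generated for them.
        if row["privilege"] == "OWNERSHIP" or row["granted_to"] in skip_types:
            continue
        grants.setdefault(row["privilege"], []).append(row["grantee_name"])
    return grants


def grants_to_revoke(current, desired):
    """Grants present on the object but absent from the config (case-insensitive)."""
    desired_ci = {p.upper(): {g.upper() for g in gs} for p, gs in desired.items()}
    revoke = {}
    for privilege, grantees in current.items():
        wanted = desired_ci.get(privilege.upper(), set())
        extra = [g for g in grantees if g.upper() not in wanted]
        if extra:
            revoke[privilege] = extra
    return revoke


if __name__ == "__main__":
    config = {"select": ["reporter"]}  # constructed grants config
    # Filtering only SHARE: the database role is queued for a role-style REVOKE.
    print(grants_to_revoke(standardize_grants(SAMPLE_ROWS, {"SHARE"}), config))
    # Filtering database roles too: only the stale account role is revoked.
    print(grants_to_revoke(standardize_grants(SAMPLE_ROWS), config))
```

Grants held by database roles stay on the object after reconciliation, so they need to be reviewed outside the grants config.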