The Spyglass configuration language is a declarative syntax for describing access. For detailed schema and usage information, see our library documentation.

One main design goal of the config language is to be isomorphic; that is, a reversible mapping between Spyglass configuration and databases like Snowflake.

So, you can import Snowflake access rules to Spyglass, as well as apply Spyglass configuration back into Snowflake access rules, at any time.

Example

To see how the YAML converts to SQL, let's take a look at an example

roleGrants:
 ACME_CALL_CENTER_VIEWER:
   SELECT:
     TABLE:
       - ACME.PROD.CALL_CENTER

This results in the following SQL command being executed:

GRANT SELECT ON TABLE ACME.PROD.CALL_CENTER TO ROLE ACME_CALL_CENTER_VIEWER;

Special Operators

Config supports special operators like <FUTURE> for granting access to objects created in the future in Snowflake. For example, ACME.PROD.<FUTURE> grants access to ALL FUTURE TABLES IN SCHEMA ACME.PROD.

Additionally, you can use database.schema.* to create an "all grants" statement, such as ACME.PROD.* to grant access to ALL VIEWS IN SCHEMA ACME.PROD.