Grants one or more privileges on a storage credential to a principal. Supports WITH GRANT OPTION.
GRANT <privilege> [, <privilege> ...] ON STORAGE CREDENTIAL <name> TO <principal> [WITH GRANT OPTION]## Overview GRANT ON STORAGE CREDENTIAL gives a principal the right to use a storage credential when registering external locations. Granting CREATE_EXTERNAL_LOCATION on a credential is the standard way to let a non-admin principal bring a new bucket online without exposing the credential's secret material. ## Behavior - The principal is a single name; multiple principals require multiple statements. - WITH GRANT OPTION lets the grantee re-grant the privilege to others. - Dropping the storage credential removes all grants on it. ## Access Control Requires the `ManageGrants` privilege on the credential, ownership, or a prior grant with WITH GRANT OPTION. ## Compatibility DeltaForge extension.
| Name | Type | Description |
|---|---|---|
privileges | Specifies one or more privileges. Common privileges: `CREATE_EXTERNAL_LOCATION` (use this credential to back a new location), `MANAGE`. | |
credential_name | Specifies the storage credential. | |
principal | Specifies the principal. | |
with_grant_option | When true, the grantee may re-grant the same privileges. |
GRANT CREATE_EXTERNAL_LOCATION ON STORAGE CREDENTIAL prod_aws_role TO ROLE pipeline_lead;GRANT CREATE_EXTERNAL_LOCATION ON STORAGE CREDENTIAL prod_aws_role TO ROLE data_lead WITH GRANT OPTION;