SHOW GRANTS TO PRINCIPAL

Lists every grant assigned to a principal across object types: roles, zones, schemas, tables, external locations, and storage credentials.

Category: securityPrivilege: ManageGrantsDeltaForge extension

Syntax

SHOW GRANTS TO PRINCIPAL <principal>

Description

## Overview SHOW GRANTS TO PRINCIPAL aggregates every grant in the catalog where the named principal is the grantee. The result spans role grants, object grants on zones, schemas, tables, external locations, and storage credentials. ## Output Columns include the privilege name, the object type, the object name, whether WITH GRANT OPTION applies (where supported), the granter, and the granted timestamp. ## Behavior - The command returns direct grants only. Privileges accumulated via role inheritance are not flattened in the output; to see those, walk the role graph manually or query the Control Plane's effective-permission view. - Group-derived role grants are not exploded into the output of the underlying users. Querying SHOW GRANTS TO PRINCIPAL <user> does not list grants the user inherits via group membership; query the group instead. ## Access Control Requires the `ManageGrants` privilege or admin-level access to the catalog. ## Compatibility DeltaForge extension.

Parameters

Name	Type	Description
`principal`		Specifies the principal name. May be a user, role, group, or service principal.

Examples

SHOW GRANTS TO PRINCIPAL alice;

SHOW GRANTS TO PRINCIPAL data_engineer;

Pitfalls

The output reports direct grants only. A user who holds privileges through role inheritance or group membership will not see those privileges in their personal SHOW GRANTS output. Walk the role graph or inspect the group's grants explicitly to see the full picture.