MODIFY, ENABLE, DISABLE, UNLOCK, or CHANGE PASSWORD Permissions

Note the following with the OWNERSHIP privilege:

The OWNERSHIP privilege grants the ability to delete, alter, rename, and grant or revoke access to an object.
OWNERSHIP is a special privilege on an object that is automatically granted to the role that created the object, but can also be transferred to a different role by the owning role (or any role with the MANAGE GRANTS privilege) using the GRANT OWNERSHIP command.
The OWNERSHIP privilege grants full control over an object. Only a single role can hold this privilege on a specific object at a time. For more information on the GRANT OWNERSHIP command, refer to the Snowflake documentation.

Only the role with the OWNERSHIP privilege on the user, or a higher role, can execute this command to modify most user properties.

To grant ownership permissions, use the following command:

GRANT OWNERSHIP ON USER "UserName" TO ROLE "Rolename";

Where UserName refers to the name of the user that you are modifying or deleting.

Note
To modify, enable, disable, unlock, or change the password of a user, a minimum permission user assigned role should have ownership permission on the user who you are modifying or deleting.

Feedback is provided as an informational resource only and does not form part of SailPoint's official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.


	You are here:

MODIFY, ENABLE, DISABLE, UNLOCK, or CHANGE PASSWORD Permissions

Documentation Feedback