You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
In the Snowflake Security Dashboards, step 8 (Configuration Management tiles) there is a query to show "Configuration Management: Privileged object changes by User.
The query won't return everything it should because it doesn't account for the CREATE OR REPLACE syntax
The query also doesn't filter out SHOW commands, which it should.
A potentially better version of the query is:
SELECT
query_text,
user_name,
role_name,
end_time
FROM snowflake.account_usage.query_history
WHERE execution_status = 'SUCCESS'
AND query_type NOT in ('SELECT', 'SHOW')
AND (query_text ILIKE '%create%role%'
OR query_text ILIKE '%manage grants%'
OR query_text ILIKE '%create%integration%'
OR query_text ILIKE '%create%share%'
OR query_text ILIKE '%create%account%'
OR query_text ILIKE '%monitor usage%'
OR query_text ILIKE '%ownership%'
OR query_text ILIKE '%drop table%'
OR query_text ILIKE '%drop database%'
OR query_text ILIKE '%create%stage%'
OR query_text ILIKE '%drop stage%'
OR query_text ILIKE '%alter stage%'
)
ORDER BY end_time desc;
Expected behavior
SHOW commands should not be in the output totals, and the totals should include instances where the CREATE OR REPLACE syntax was used instead of just CREATE statements
Screenshots
N/A
Desktop (please complete the following information):
N/A
Smartphone (please complete the following information):
N/A
Additional context
N/A
The text was updated successfully, but these errors were encountered:
Describe the bug
In the Snowflake Security Dashboards, step 8 (Configuration Management tiles) there is a query to show "Configuration Management: Privileged object changes by User.
The query won't return everything it should because it doesn't account for the CREATE OR REPLACE syntax
The query also doesn't filter out SHOW commands, which it should.
A potentially better version of the query is:
SELECT
query_text,
user_name,
role_name,
end_time
FROM snowflake.account_usage.query_history
WHERE execution_status = 'SUCCESS'
AND query_type NOT in ('SELECT', 'SHOW')
AND (query_text ILIKE '%create%role%'
OR query_text ILIKE '%manage grants%'
OR query_text ILIKE '%create%integration%'
OR query_text ILIKE '%create%share%'
OR query_text ILIKE '%create%account%'
OR query_text ILIKE '%monitor usage%'
OR query_text ILIKE '%ownership%'
OR query_text ILIKE '%drop table%'
OR query_text ILIKE '%drop database%'
OR query_text ILIKE '%create%stage%'
OR query_text ILIKE '%drop stage%'
OR query_text ILIKE '%alter stage%'
)
ORDER BY end_time desc;
URL of where you see the bug
https://quickstarts.snowflake.com/guide/security_dashboards_for_snowflake/index.html?index=..%2F..index#7
To Reproduce
N/A
Expected behavior
SHOW commands should not be in the output totals, and the totals should include instances where the CREATE OR REPLACE syntax was used instead of just CREATE statements
Screenshots
N/A
Desktop (please complete the following information):
N/A
Smartphone (please complete the following information):
N/A
Additional context
N/A
The text was updated successfully, but these errors were encountered: