Summary
Extend dbts publish / dbts unpublish (already shipped, commit `862e197`) with a --to-role flag that grants to a named Snowflake role instead of PUBLIC.
Why
PUBLIC is the right default for "let anyone read this", but teams often want to share with a specific analyst or QA role only. Already explicitly listed as out-of-scope in the v0.7.0 CHANGELOG entry — filing this so the request is tracked the moment it comes up.
Sketch
- Add
--to-role <ROLE> to both cmd_publish and cmd_unpublish.
- Default behaviour unchanged:
PUBLIC.
- Validate the role name (Snowflake identifier rules) and quote properly via
_sql_ident.
- Confirmation prompt mentions the actual role name.
- README + CHANGELOG entries.
Where it'd live
src/dbts/publish.py — parameterise the templates by role.src/dbts/cli.py — new flag.tests/test_publish.py — additional cases.
Effort
Small — probably 1–2 hours including tests.
Tier
Tier 2 — lesser idea (until someone asks for it; trivially added when they do).
Related
Summary
Extend
dbts publish/dbts unpublish(already shipped, commit `862e197`) with a--to-roleflag that grants to a named Snowflake role instead ofPUBLIC.Why
PUBLICis the right default for "let anyone read this", but teams often want to share with a specific analyst or QA role only. Already explicitly listed as out-of-scope in the v0.7.0 CHANGELOG entry — filing this so the request is tracked the moment it comes up.Sketch
--to-role <ROLE>to bothcmd_publishandcmd_unpublish.PUBLIC._sql_ident.Where it'd live
src/dbts/publish.py— parameterise the templates by role.src/dbts/cli.py— new flag.tests/test_publish.py— additional cases.Effort
Small — probably 1–2 hours including tests.
Tier
Tier 2 — lesser idea (until someone asks for it; trivially added when they do).
Related
dbts publish/dbts unpublish(shipped).dbts shared(feat:dbts shared— show current grants on the sandbox #7) would surface non-PUBLIC grants.