'Custom role with no inherited permissions can see ROLE information in Snowsight App

As the title says, we have many custom roles for Row Level Security Policies in a Reader account to allow them to be able to query objects and return a subset of the data.

The problem is that in the Snowsights app these roles can see all roles in my tenant, and the kicker is that they can go into the role details page and even get a list of users with these roles...

How can I remove the above access as this is information these roles should not be able to see.

snowflake-cloud-data-platformroles


Solution 1:[1]

Currently, this is a limitation on the Snowsight side where all the Roles are listed for any user with any roles irrespective of the RBAC model. This is being worked on and the correct design to hide the roles and display only the relevant ones per user's role will be rolled out soon.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Srinath Menon

Related Questions

How to check if a role exists in Sybase

Create PostgreSQL ROLE (user) if it doesn't exist

Oracle SELECT granted but still can't access table across users

Subscription-scope authorization for Azure Resource Manager API user

Double listbox with CollectionType/ChoiceType for user roles

Google Cloud Storage confused about ACL/IAM and legacy permissions

Rename default admin role in ABP framework

can't add 'allUsers' to GCP project

Cross account IAM roles for Kubernetes service account - s3 bucket

Why role cannot be dropped because some objects depend on it

Azure api management returns status 500 after enabling "assignment required" on Azure function Enterprise application properties

403 Forbidden Error in Keycloak API (view-users)

Github Actions, Deploy ARM template with Microsoft.Authorization/roleAssignments

Google Storage Bucket Permission to view object but not to list

How to map LDAP Usergroups to Wildfly roles