Medium severityaccess control

Power BI Refresh Error:
Snowflake GRANT OPTION Error (Insufficient Privileges to Grant)

What does this error mean?

A GRANT statement failed because the executing role does not have the WITH GRANT OPTION privilege on the object being granted, or the role is not the object owner.

Common causes

1A non-owner role attempting to GRANT a privilege it received without the WITH GRANT OPTION flag
2SECURITYADMIN or SYSADMIN is not the current role when performing object grants
3Stored procedure or TASK attempting to GRANT privileges without EXECUTE AS OWNER
4Sharing a database object with a share without owning the object
5Attempting to re-grant a privilege on an object that was granted to the role without GRANT OPTION

How to fix it

1Switch to the object owner role before issuing the GRANT: `USE ROLE <owner_role>`
2Or use SECURITYADMIN which can manage all grants: `USE ROLE SECURITYADMIN`
3If a stored procedure needs to GRANT privileges, define it with `EXECUTE AS OWNER`
4Grant the privilege WITH GRANT OPTION to the intermediate role: `GRANT SELECT ON TABLE t TO ROLE r WITH GRANT OPTION`
5Review role hierarchy with `SHOW GRANTS TO ROLE <role>` to understand current privilege chain

Frequently asked questions

What is the difference between SECURITYADMIN and SYSADMIN for GRANT operations?

SECURITYADMIN can manage all roles and privileges. SYSADMIN owns most database objects by convention and can grant privileges on objects it owns. For cross-role grants, SECURITYADMIN is the safest choice.