Shorts
A collection of random, small things I learned or found interesting.
-
Snowflake permissions are object-type specific ·
Snowflake requires separate access permissions for each object type in a database. You can’t just
GRANT SELECT ON ALL TABLES, you need to also grant on iceberg tables, views, external tables, dynamic tables, and all their future versions… 🙈 Oddly enough, secure views are the exception and don’t need separate grants. 🤷 -
Snowflake casts 'YES'/'NO' strings to booleans ·
Snowflake’s information schema uses ‘YES’/‘NO’ strings (like
is_iceberg). Surprisingly, these cast directly to booleans:CAST('YES' AS BOOLEAN) -- true CAST('NO' AS BOOLEAN) -- falseBut string comparison fails:
'YES' = truereturns false. Always cast first. -
dbt uses the + sign for multiple purposes ·
In dbt, the
+sign has different meanings depending on context. In selectors it means ‘include parents/children’, but in grants config it means ‘add to existing grants rather than replace’. Check the grants docs for details. -
VS Code Copilot shell detection fix ·
If VS Code Copilot isn’t detecting your shell properly, it’s likely your right-hand prompt (RPROMPT) interfering. Add this to
.zshrc:if [[ "$TERM_PROGRAM" == "vscode" ]]; then unset RPROMPT unset RPS1 fi -
Publishing a remote MCP server ·
To publish a remote MCP server to the registry, create a
server.jsonwith the schema:{ "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json", "name": "com.example/my-server", "remotes": [{ "type": "streamable-http", "url": "https://api.example.com/mcp" }] }See the MCP registry docs for authentication options.
-
Setting secrets in dbt for MotherDuck ·
You can configure secrets directly in your dbt profile for MotherDuck. Useful for S3/MinIO credentials:
secrets: - type: s3 name: my_bucket key_id: "{{ env_var('AWS_ACCESS_KEY') }}" secret: "{{ env_var('AWS_SECRET_KEY') }}" persistent: true