[Bug] Fix issue where dbt-snowflake attempts to drop database roles during grants sync

.changes/unreleased/Fixes-20240920-193613.yaml

@@ -0,0 +1,6 @@
+kind: Fixes
+body: Fix issue where dbt-snowflake attempts to drop database roles during grants sync
+time: 2024-09-20T19:36:13.671173-04:00
+custom:
+  Author: mikealfare
+  Issue: "1151"

dbt/adapters/snowflake/impl.py

@@ -320,7 +320,7 @@ def standardize_grants_dict(self, grants_table: "agate.Table") -> dict:
             grantee = row["grantee_name"]
             granted_to = row["granted_to"]
             privilege = row["privilege"]
-            if privilege != "OWNERSHIP" and granted_to != "SHARE":
+            if privilege != "OWNERSHIP" and granted_to not in ["SHARE", "DATABASE_ROLE"]:
                 if privilege in grants_dict.keys():
                     grants_dict[privilege].append(grantee)
                 else:

tests/functional/auth_tests/test_database_role.py

@@ -0,0 +1,68 @@
+import os
+
+import pytest
+
+from dbt.tests.util import run_dbt
+
+
+SEED = """
+id
+1
+""".strip()
+
+
+MODEL = """
+{{ config(
+    materialized='incremental',
+) }}
+select * from {{ ref('my_seed') }}
+"""
+
+
+class TestDatabaseRole:
+    """
+    This test addresses https://github.com/dbt-labs/dbt-snowflake/issues/1151
+
+    While dbt-snowflake does not manage database roles (it only manages account roles,
+    it still needs to account for them so that it doesn't try to revoke them.
+    """
+
+    @pytest.fixture(scope="class")
+    def seeds(self):
+        return {"my_seed.csv": SEED}
+
+    @pytest.fixture(scope="class")
+    def models(self):
+        return {"my_model.sql": MODEL}
+
+    @pytest.fixture(scope="class")
+    def project_config_update(self):
+        # grant to the test role even though this role already has these permissions
+        # this triggers syncing grants since `apply_grants` first looks for a grants config
+        return {"models": {"+grants": {"select": [os.getenv("SNOWFLAKE_TEST_ROLE")]}}}
+
+    @pytest.fixture(scope="class", autouse=True)
+    def setup(self, project):
+        """
+        Create a database role with access to the model we're about to create.
+        The existence of this database role triggered the bug as dbt-snowflake attempts
+        to revoke it if the user also provides a grants config.
+        """
+        role = "BLOCKING_DB_ROLE"
+        project.run_sql(f"CREATE DATABASE ROLE {role}")
+        sql = f"""
+        GRANT
+            ALL PRIVILEGES ON FUTURE TABLES
+            IN DATABASE {project.database}
+            TO DATABASE ROLE {role}
+        """
+        project.run_sql(sql)
+        yield
+        project.run_sql(f"DROP DATABASE ROLE {role}")
+
+    def test_database_role(self, project):
+        run_dbt(["seed"])
+        run_dbt(["run"])
+        # run a second time to trigger revoke on an incremental update
+        # this originally failed, demonstrating the bug
+        run_dbt(["run"])