Skip to main content

COA Deployment Error Resolution

This guide helps you quickly find and fix common deployment errors. It consolidates links to existing docs and adds resolution steps for errors that frequently appear in support tickets.

Quick Reference Table

Error or ScenarioWhere to Find Help
Permission denied or env-deploy errorsCoalesce Permission Requirements
Snowflake "Insufficient privileges" in view validationSnowflake View Validation Privileges
Blank column names or plan validation failureBlank Column Names
Storage mapping errorsStorage Mapping Deployment Failures
Plan failures (renames, dropped tables, metadata drift)Troubleshooting Deploys and Refreshes
Invalid column metadata (no failed stages)Invalid Column Metadata
Primary key or schema change failuresPrimary Key Schema Change Failures

Coalesce Permission Requirements

To deploy or refresh through the API, CLI, or Coalesce App, the account or service principal must have the right Coalesce role and data platform access.

Environment-Level Permissions

  • Environment Admin: Required to deploy. This role manages Environment settings, reads project documentation, and deploys through the API, CLI, or Coalesce App.
  • Environment Reader: Can view documentation and certain API functions; cannot deploy.

If you see permission or "env-deploy" related errors when deploying (for example, from CI/CD or the CLI), ensure the account has the Environment Admin role on the target Environment. Service accounts used for automated deployments must be added to the Org, Project, and Environment with this role.

For details, see Adding Users and Setting Permissions and RBAC Roles and Permissions.

Data Platform Permissions

Your Environment credentials (Snowflake, Databricks, etc.) must have sufficient privileges to create and modify objects. For Snowflake, see Setting Up a Snowflake Service Account. For CI/CD, see Data Platform Permissions in the GitHub Actions guide.

Snowflake View Validation Privileges

You may see errors such as:

SQL access control error: Insufficient privileges to operate on table 'STG_DISCOUNTS_DATA'

during the Validating object exists stage when deploying views. The role may have ownership on both the view and the underlying table, and the same query may run successfully when executed manually in Snowflake.

Why This Happens

Snowflake evaluates view privileges at different times. During deployment, Coalesce runs validation queries (for example, SELECT 1 FROM "DB"."SCHEMA"."VIEW_NAME" LIMIT 0). Snowflake may enforce privileges on underlying tables differently in this context than when you run the query interactively.

How To Resolve

  1. Grant explicit privileges on underlying objects: Ensure the deployment role has SELECT on all tables and views referenced by the view definition:

    • GRANT SELECT ON ALL TABLES IN SCHEMA <db>.<schema> TO ROLE <coalesce_role>;
    • GRANT SELECT ON ALL VIEWS IN SCHEMA <db>.<schema> TO ROLE <coalesce_role>;
    • For future objects: GRANT SELECT ON FUTURE TABLES IN SCHEMA ... and GRANT SELECT ON FUTURE VIEWS IN SCHEMA ...

  2. Verify the role in use: Confirm the role configured in the Environment credentials is the one with these grants. Check with SHOW GRANTS TO ROLE <role_name>; in Snowflake.

  3. Check for ownership vs. privilege: Ownership alone can be insufficient in some Snowflake configurations. Explicit SELECT grants on underlying tables and views are recommended.

For a full setup, see Setting Up a Snowflake Service Account. For general permission issues when adding sources, see Permission Issues When Adding Sources.

What's Next?