
Access control in Snowflake

From Admin to Employee

Snowflake has many options when it comes to access control of different users. In this blog, we show how the fictional company Luminary creates partitioning based on different roles instead of individual users. Learn how to efficiently and securely manage data access, from system administration to individual employees.

RBAC model in Snowflake

Snowflake uses the RBAC model, which stands for Role-Based Access Control. This means that access to data and functions is controlled based on roles rather than individual users.

In databases, you will find many different objects, such as tables, views and stored procedures. To manage this efficiently, Snowflake uses roles. You then assign these roles to users. In this blog, we show how to apply Snowflake's extensive access control capabilities to the fictional company Luminary.


System Administration

In this blog, Luminary has, in addition to its stores, departments for sales, finance and HR. Sales and finance in particular use a lot of data for their decisions, but there are also many opportunities for HR. Specialized dashboards provide daily insights. Snowflake makes it possible for all departments to work with the data.

First, the administrator sets up the Snowflake environment by configuring the databases, schemas and warehouses. The administrator has access to the role "ACCOUNTADMIN". Because the data is privacy sensitive, the administrator applies the principle of least privilege: an employee can see only the data that is relevant to that person.

The system administrator creates three new roles: ADMIN_HR, ADMIN_SALES and ADMIN_FINANCE. These roles are assigned to the executives within the departments. Then each role is given read-only rights to the relevant databases.

Admin

We follow the hierarchy down. From the admin level, we need to redistribute roles among the department's employees. This way, the manager of the department has strong permissions but cannot access the data of another department. Because the roles for the employees themselves are based on the admin role, you have the ability to control access in great detail. When hiring a new employee, onboarding with Snowflake is also simple: after a new user is created, you only need to assign the relevant role, that of Employee.

The bottom level of Luminary's role pyramid is the individual employee. This role obviously cannot delete records, but it also cannot create new roles. In fact, this role can do no more than is strictly necessary, which is exactly how the principle of least privilege should be implemented. From the parent ADMIN role, the relevant tables and views are already prepared. In this way, the Snowflake environment is neatly set up for use at all levels of the company.
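The steps from the System Administration and Admin sections, written out for the HR department as an added example (not code from the original post). Only ACCOUNTADMIN and ADMIN_HR come from the post; HR_DB, its REPORTING schema, the HEADCOUNT_V view, REPORTING_WH, EMPLOYEE_HR and the user JDOE are assumed names.

```sql
-- Added example. Assumed names: HR_DB, HR_DB.REPORTING, HEADCOUNT_V,
-- REPORTING_WH, EMPLOYEE_HR, JDOE. ACCOUNTADMIN and ADMIN_HR are from the post.
USE ROLE ACCOUNTADMIN;

-- One role for the department executive, one for regular employees.
CREATE ROLE IF NOT EXISTS ADMIN_HR;
CREATE ROLE IF NOT EXISTS EMPLOYEE_HR;

-- Department admin: read-only on the whole HR database.
-- USAGE lets the role reach the objects, SELECT lets it read them.
GRANT USAGE  ON WAREHOUSE REPORTING_WH            TO ROLE ADMIN_HR;
GRANT USAGE  ON DATABASE HR_DB                    TO ROLE ADMIN_HR;
GRANT USAGE  ON ALL SCHEMAS IN DATABASE HR_DB     TO ROLE ADMIN_HR;
GRANT SELECT ON ALL TABLES IN DATABASE HR_DB      TO ROLE ADMIN_HR;
GRANT SELECT ON ALL VIEWS IN DATABASE HR_DB       TO ROLE ADMIN_HR;
-- Future grants cover objects created later, so access does not drift.
GRANT USAGE  ON FUTURE SCHEMAS IN DATABASE HR_DB  TO ROLE ADMIN_HR;
GRANT SELECT ON FUTURE TABLES IN DATABASE HR_DB   TO ROLE ADMIN_HR;
GRANT SELECT ON FUTURE VIEWS IN DATABASE HR_DB    TO ROLE ADMIN_HR;

-- Employee: only the one prepared view, nothing else in the database.
GRANT USAGE  ON WAREHOUSE REPORTING_WH            TO ROLE EMPLOYEE_HR;
GRANT USAGE  ON DATABASE HR_DB                    TO ROLE EMPLOYEE_HR;
GRANT USAGE  ON SCHEMA HR_DB.REPORTING            TO ROLE EMPLOYEE_HR;
GRANT SELECT ON VIEW HR_DB.REPORTING.HEADCOUNT_V  TO ROLE EMPLOYEE_HR;

-- Hierarchy: granting EMPLOYEE_HR to ADMIN_HR places ADMIN_HR above it.
-- Privileges are inherited upward only; EMPLOYEE_HR gains nothing from ADMIN_HR.
GRANT ROLE EMPLOYEE_HR TO ROLE ADMIN_HR;

-- Onboarding: DEFAULT_ROLE only selects the role at login, it does not
-- grant it, so the GRANT ROLE statement is still required.
CREATE USER IF NOT EXISTS JDOE
  DEFAULT_ROLE = EMPLOYEE_HR
  DEFAULT_WAREHOUSE = REPORTING_WH;
GRANT ROLE EMPLOYEE_HR TO USER JDOE;

-- Review: confirm each role holds only what was intended.
SHOW GRANTS TO ROLE EMPLOYEE_HR;  -- privileges held by the role
SHOW GRANTS OF ROLE ADMIN_HR;     -- users and roles that hold ADMIN_HR
SHOW GRANTS TO USER JDOE;         -- roles assigned to the new employee
```

Repeating the same block with separate databases for ADMIN_SALES and ADMIN_FINANCE keeps each department's manager confined to that department's data, because no grant links one department's roles to another's objects.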
