In this lesson we will:

  • Learn about the Snowflake permission model, including users and roles, and how they are used to control access to data and objects within your databases;
  • Learn about Row Level Access Control.

Role Based Access Control

As with many databases, Snowflake has a Role Based Access Control Model. Permissions to read or write certain database objects are granted to roles, and roles are granted to users.

A database object could of course be a table containing data, but the same model applies to all database objects, including accounts, databases, views, stored procedures etc.

A common set of roles might look like the below:

  • MANAGER
  • SALESPERSON
  • AGENT
  • CASHIER
  • ANALYST
  • DIRECTOR

A particular set of permissions might be:

  • MANAGER has read and write permission for table SALES
  • SALESPERSON has read permission to table SALES

Creating Roles

Roles are created using SQL

create role storemanager;
create role storeemployee;

Granting Permissions To Roles

We then grant permissions to the manager role.

alter role storemanager add
alter role storemanager add

Granting Permissions To Users

We can also grant permissions directly to users rather than indirectly via a role:

alter user benjamin grant role manager

Row Level Access Control

The Role Based Access Control model outlined above is mainly used for controlling permissions at the database object level, such as allowing individual users the ability to read or write entire tables.

In some situations, we need more granular access to enable us to limit a subset of data to a specific user or role. For instance, maybe people with SALESPEOPLE role.

This is referred to as Row Level Access Policies. This will be described in more detail in a seperate lesson.

Next Lesson:
05

Snowflake Billing

In this lesson we will learn about the Snowflake billing and credit model.

0h 15m




Work With The Experts In Real-Time Analytics & AI

we help enterprise organisations deploy powerful real-time Data, Analytics and AI solutions based on ClickHouse, the worlds fastest open-source database.

Join our mailing list for regular insights:

We help enterprise organisations deploy advanced data, analytics and AI enabled systems based on modern cloud-native technology.

© 2024 Ensemble. All Rights Reserved.