Database Access Modeling

Overview

Snowflake provides a set of pre-defined roles (such as SYSADMIN and ACCOUNTADMIN), but the use of these powerful roles should be restricted to appropriate personnel. Instead, Snowflake recommends that customers create a custom role hierarchy that reflects the data and user community's security requirements within each Snowflake account.

This blog post presents a methodology for developing just such a security model using Snowflake’s Role-Based Access Control (RBAC) scheme. It recommends an approach that distinguishes object access roles from user functional roles and then describes how to build a unified security model that combines both types of roles.
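A minimal sketch of that split between object access roles and functional roles, written in Snowflake SQL as an added example rather than code from the original post. The database `SALES_DB`, schema `REPORTING`, user `JSMITH`, and every custom role name are hypothetical.

```sql
-- Added example; every database, schema, role and user name is hypothetical.
USE ROLE SECURITYADMIN;  -- holds MANAGE GRANTS; not a role for day-to-day work

-- 1. Object access roles: hold privileges on objects, never granted to users.
CREATE ROLE IF NOT EXISTS SALES_DB_RO;
CREATE ROLE IF NOT EXISTS SALES_DB_RW;

GRANT USAGE ON DATABASE SALES_DB TO ROLE SALES_DB_RO;
GRANT USAGE ON SCHEMA SALES_DB.REPORTING TO ROLE SALES_DB_RO;
GRANT SELECT ON ALL TABLES IN SCHEMA SALES_DB.REPORTING TO ROLE SALES_DB_RO;
GRANT SELECT ON FUTURE TABLES IN SCHEMA SALES_DB.REPORTING TO ROLE SALES_DB_RO;

-- Read-write inherits read-only, then adds DML on the same schema.
GRANT ROLE SALES_DB_RO TO ROLE SALES_DB_RW;
GRANT INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA SALES_DB.REPORTING
  TO ROLE SALES_DB_RW;
GRANT INSERT, UPDATE, DELETE ON FUTURE TABLES IN SCHEMA SALES_DB.REPORTING
  TO ROLE SALES_DB_RW;

-- 2. Functional roles: describe what a person does, hold no object grants.
CREATE ROLE IF NOT EXISTS ANALYST;
CREATE ROLE IF NOT EXISTS DATA_ENGINEER;

-- 3. Combine the two layers: functional roles inherit access roles.
GRANT ROLE SALES_DB_RO TO ROLE ANALYST;
GRANT ROLE SALES_DB_RW TO ROLE DATA_ENGINEER;

-- 4. Attach the custom hierarchy under SYSADMIN so objects created by
--    these roles stay manageable without reaching for ACCOUNTADMIN.
GRANT ROLE ANALYST TO ROLE SYSADMIN;
GRANT ROLE DATA_ENGINEER TO ROLE SYSADMIN;

-- 5. Users receive functional roles only.
GRANT ROLE ANALYST TO USER JSMITH;
ALTER USER JSMITH SET DEFAULT_ROLE = ANALYST;

-- 6. Review: what a functional role can reach, and who holds the
--    powerful pre-defined roles directly.
SHOW GRANTS TO ROLE ANALYST;
SHOW GRANTS OF ROLE SYSADMIN;
SHOW GRANTS OF ROLE ACCOUNTADMIN;
```

Warehouse usage grants are omitted here; a functional role also needs `USAGE` on a warehouse before its users can run queries.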

Background

Snowflake’s RBAC scheme defines who can access and perform operations on specific objects (tables, views, schemas, etc.) within an account. Roles are the entities to which privileges on securable database objects are granted and from which they are revoked. Roles are in turn assigned to users, allowing them to perform the actions their business functions require. It looks something like…

About

Craig Warman

Fitness enthusiast, motorcycle rider, Big Data technologist. I’ve made a lot of mistakes in life, so I’m pretty good at apologizing.
