Object Tagging with Snowflake

Thanks for reading my earlier blog in the Data Governance series. In case you missed reading the blog, you can refer to it here — https://medium.com/snowflake/snowflake-dynamic-data-masking-4ef7b53b414e

This blog helps you understand tagging in Snowflake. This also covers tagging details — how you can create them, use them, assign to the database objects, and track them for usage.

What is Tagging?

Tagging is the process to define a tag for a database object. This tag can be used to identify the object and use it to implement data classification, data protection, compliance, and usage. This can be used in centralized as well as de-centralized approaches to implementation. Centralized implementation follows the Snowflake recommendation, Role setup, and Access control policies setup, follows the organizational hierarchy, and flows down the rules, and policies to the database objects as per hierarchy.

What is Tag?

A tag is a schema-level object that can be defined and assigned to one or more different types of objects. You can assign a string value to a Tag. A tag can be assigned to a table, views, columns as well as a warehouse. Snowflake limits the number of tags in an account to 10,000. You can assign multiple tags to an object. This is an enterprise feature.

How to create Tag?

You can create a tag using CREATE statement.

CREATE TAG cost_center COMMENT = ‘cost_center tag’;

How to assign Tag to an object?

You can use tags while creating objects or you can also assign them using ALTER command.

CREATE WAREHOUSE DEV_WH WITH TAG (cost_center = 'DEV');

ALTER WAREHOUSE QA_WH SET TAG cost_center = ‘QA’;

How object Tag works? What is the hierarchy of Tags?

Tag follows the Snowflake object hierarchy, if you create a tag at a table level then it also gets applied to the columns.

What are the benefits of Tag?

Below are some of the benefits —

1. Ease of use — Define once and apply it to multiple objects.
2. Tag Lineage — Since tags are inherited, applying the tag to objects higher in the securable objects hierarchy results in the tag being applied to all child objects. For example, if a tag is set on a table, the tag will be inherited by all columns in that table.
3. Sensitive data tracking — Tags simplify identifying sensitive data (e.g. PII, Secret) and bring visibility to Snowflake resource usage.
4. Easy Resource Tracking — With data and metadata in the same system, analysts can quickly determine which resources consume the most Snowflake credits based on the tag definition (e.g. cost_center, department).
5. Centralized or De-centralized Data Management —
   Tags support different management approaches to facilitate compliance with internal and external regulatory requirements.

How to DISCOVER Tags?

You can use SELECT to list the tags-

SELECT * FROM SNOWFLAKE.ACCOUNT_USAGE.TAGS ORDER BY TAG_NAME;

What all commands can be used for tags?

You can use all DDL commands for tags — CREATE, ALTER, DROP, UNDROP, SHOW. You can use these to create, alter, drop, or restore as well as list down the tag details from a database and schema.

Sample Use case to tag PII data —

1. Create a tag to list all sensitive data —

CREATE TAG sensitive_data COMMENT = ‘PII data tag’;

2. Assign a tag to objects to identify PII data —

USE DATABASE POC_DEV_DB;

USE SCHEMA POC;

ALTER TABLE employee_info modify column employee_ssn SET TAG sensitive_data = ‘Employee data’

Hope this blog helps you to understand object tagging. Tagging helps to define the tag to objects, used to capture usage and data classification.

About Me :

I am one of the Snowflake Data Superheroes 2023. I am also one of the Snowflake SnowPro Core SME- Certification Program. I am a DWBI and Cloud Architect! I am currently working as Senior Data Architect — GCP, Snowflake. I have been working with various Legacy data warehouses, Bigdata Implementations, and Cloud platforms/Migrations. I am SnowPro Core certified Data Architect as well as Google certified Google Professional Cloud Architect. You can reach out to me LinkedIn if you need any further help on certification, Data Solutions, and Implementations!