Snowflake Database – Managing User Access Control and More

Become an expert with Snowflake access control including users, roles, role-based access, privileges and more

Snowflake’s approach to access control combines aspects from Discretionary Access Control (DAC) where each object has an owner, who can in turn grant access to that object. Also included are aspects from Role-based Access Control (RBAC) where access privileges are assigned to roles, which are in turn assigned to users.

What you’ll learn

  • User Access Management.
  • Roles and Role Hierarchy.
  • Role-based Access.
  • Privileges and their scope to objects and assignment to roles.
  • Quick ways to improve your Snowflake user access security.
  • Column Security (Data Masking).
  • Many useful queries.

Course Content

  • Introduction –> 2 lectures • 18min.
  • Access Control (Roles and Privileges) –> 12 lectures • 1hr 52min.
  • Miscellaneous Related Topics –> 5 lectures • 42min.
  • Test Your Knowledge –> 1 lecture • 11min.

Snowflake Database - Managing User Access Control and More

Requirements

  • Some working level experience would be helpful.

Snowflake’s approach to access control combines aspects from Discretionary Access Control (DAC) where each object has an owner, who can in turn grant access to that object. Also included are aspects from Role-based Access Control (RBAC) where access privileges are assigned to roles, which are in turn assigned to users.

There are key concepts that are necessary in order to understand access control in Snowflake. These include:

Securable objects: Entities to which access can be granted.

Roles: An entity to which privileges can be granted. Roles are in turn assigned to users. Note that roles can also be assigned to other roles, creating a role hierarchy which is a critical concept to understand in Snowflake

Privileges: The ability to perform some action on an object. Multiple distinct privileges may be used to control the granularity of access granted.

Users: A user identity recognized by Snowflake, whether associated with a person or application.

In the Snowflake role-based access model, access to securable objects is allowed via privileges assigned to roles, which are in turn assigned to other roles or users. In addition, each securable object has an owner that can grant access to other roles. This model differs from user-based access control models, where rights and privileges are assigned to each user or group of users. The Snowflake model is designed to provide a significant amount of both control and flexibility.

After completing this course you will have a complete understanding of these concepts and more.