Lesson Overview

In this lesson we will:

  • Learn about the Snowflake permission model, including users and roles, and how they are used to control access to data and objects within your databases;
  • Learn about Row Level Access Control.

Role Based Access Control

As with many databases, Snowflake has a Role Based Access Control Model. Permissions to read or write certain database objects are granted to roles, and roles are granted to users.

A database object could of course be a table containing data, but the same model applies to all database objects, including accounts, databases, views, stored procedures etc.

A common set of roles might look like the below:

  • MANAGER
  • SALESPERSON
  • AGENT
  • CASHIER
  • ANALYST
  • DIRECTOR

A particular set of permissions might be:

  • MANAGER has read and write permission for table SALES
  • SALESPERSON has read permission to table SALES

Creating Roles

Roles are created using SQL:

create role storemanager;
create role storeemployee;

Granting Permissions To Roles

We then grant permissions to the manager role.

grant select on table sales to role storemanager;
grant insert, update, delete on table sales to role storemanager;

Granting Permissions To Users

We can also grant permissions directly to users rather than indirectly via a role:

grant role manager to user benjamin;
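
The three steps above, put together as an added example (not part of the original lesson) that also covers the container grants Snowflake needs before a table privilege is usable, and ends with the checks that confirm who can do what. The database retail_db, schema public and warehouse compute_wh are assumed names; USERADMIN, SECURITYADMIN and SYSADMIN are Snowflake's built-in system roles.

```sql
-- Added example. retail_db, public and compute_wh are assumed names;
-- the role names, the user benjamin and the SALES table come from the lesson.

-- Create roles with USERADMIN rather than ACCOUNTADMIN (least privilege).
use role useradmin;
create role if not exists storemanager;
create role if not exists storeemployee;

-- SECURITYADMIN holds MANAGE GRANTS, so it can grant on objects it does not own.
use role securityadmin;

-- A table privilege alone is not enough: the role also needs USAGE on the
-- database and schema that contain the table, and on a warehouse to run queries.
grant usage on database retail_db to role storeemployee;
grant usage on schema retail_db.public to role storeemployee;
grant usage on warehouse compute_wh to role storeemployee;

-- Read-only access for employees.
grant select on table retail_db.public.sales to role storeemployee;

-- Role hierarchy: storemanager inherits everything storeemployee holds...
grant role storeemployee to role storemanager;
-- ...and adds write access on top of it.
grant insert, update, delete on table retail_db.public.sales to role storemanager;

-- Attach the role to the user.
grant role storemanager to user benjamin;

-- Roll custom roles up to SYSADMIN so administrators can still manage
-- any objects these roles later create.
grant role storemanager to role sysadmin;

-- Review: what each role holds, what the user has been given, and every
-- grantee on the table. Anything unexpected here is an over-grant to revoke.
show grants to role storeemployee;
show grants to role storemanager;
show grants to user benjamin;
show grants on table retail_db.public.sales;
```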

Row Level Access Control

The Role Based Access Control model outlined above is mainly used for controlling permissions at the database object level, such as allowing individual users the ability to read or write entire tables.

In some situations, we need more granular access to enable us to limit a subset of data to a specific user or role. For instance, maybe people with SALESPEOPLE role.

This is referred to as Row Level Access Policies. This will be described in more detail in a separate lesson.

Summary

In this lesson we looked at the Snowflake permission and access control model.

This is based on a common Role Based Access Control model, whereby privileges are granted to roles, and roles are granted to specific user accounts.

We also discussed how additional controls can be implemented using Row Level Access Policies.

Next Lesson

In the next lesson we will learn about Snowflake's billing and credit systems.


© 2022 Timeflow Academy.