Snowflake For Data Engineers

Snowflake Permission Model

Lesson #5

In this lesson we will:

  • Learn about the Snowflake permission model, including users and roles, and how they are used to control access to data and objects within your databases;
  • Learn about Row Level Access Control.

Role Based Access Control

As with many databases, Snowflake has a Role Based Access Control Model. Permissions to read or write certain database objects are granted to roles, and roles are granted to users.

A database object could of course be a table containing data, but the same model applies to all database objects, including accounts, databases, views, stored procedures etc.

A common set of roles might look like the below:

  • MANAGER
  • SALESPERSON
  • AGENT
  • CASHIER
  • ANALYST
  • DIRECTOR

A particular set of permissions might be:

  • MANAGER has read and write permission for table SALES
  • SALESPERSON has read permission to table SALES

Creating Roles

Roles are created using SQL:

create role storemanager;
create role storeemployee;

Granting Permissions To Roles

We then grant permissions to the manager role.

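-- read and write permission on the SALES table from the example above
grant select on table sales to role storemanager;
grant insert, update, delete on table sales to role storemanager;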

Granting Permissions To Users

We can also grant permissions directly to users rather than indirectly via a role:

grant role storemanager to user benjamin;
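
The steps above as one least-privilege script, added here as an example and not part of the original lesson. The database retail_db, schema public and warehouse store_wh are assumed names; the script also goes beyond the lesson by granting the USAGE privileges Snowflake requires on the containing objects and by letting storemanager inherit storeemployee.

```sql
-- Assumed names, not from the lesson: retail_db, retail_db.public, store_wh.
-- SECURITYADMIN can create roles and holds MANAGE GRANTS.
use role securityadmin;

create role if not exists storeemployee;
create role if not exists storemanager;

-- A table privilege alone is not enough: the role also needs USAGE on the
-- database and schema that contain the table, and on a warehouse to run queries.
grant usage on database retail_db to role storeemployee;
grant usage on schema retail_db.public to role storeemployee;
grant usage on warehouse store_wh to role storeemployee;

-- Read-only access for employees.
grant select on table retail_db.public.sales to role storeemployee;

-- Managers inherit everything storeemployee has, plus write access.
grant role storeemployee to role storemanager;
grant insert, update, delete on table retail_db.public.sales to role storemanager;

-- Users receive privileges through the roles granted to them.
grant role storemanager to user benjamin;

-- Review what was actually granted. Run these after every change and
-- look for privileges wider than the role needs (for example OWNERSHIP or ALL).
show grants to role storeemployee;
show grants to role storemanager;
show grants on table retail_db.public.sales;
show grants to user benjamin;

-- Removing access is the mirror image of granting it.
revoke role storemanager from user benjamin;
```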

Row Level Access Control

The Role Based Access Control model outlined above is mainly used for controlling permissions at the database object level, such as allowing individual users the ability to read or write entire tables.

In some situations, we need more granular access to enable us to limit a subset of data to a specific user or role. For instance, maybe people with SALESPEOPLE role.

This is referred to as Row Level Access Policies. This will be described in more detail in a separate lesson.
