How to Scale Snowflake Roles Management?

Snowflake Inc. is a well-reputed American cloud-based organization founded in 2012. The company is based in San Mateo, California. The company was publicly launched in 2014 by Bob Muglia after operating in stealth mode for two years.

Snowflake Role Management

Role-Based Access Controls (RBAC) are the fundamental tenets of premium data governance. They play a vital role in keeping sensitive and proprietary information safe in today’s enterprise environments. Snowflake takes advantage of roles to control access to objects within a system. 

Roles are entities to which access privileges on objects in the system, such as databases and tables, are granted. Roles are then given to users so that they can create, modify, and use the objects for which those roles hold privileges.

With the advancements in technology, the demand for accessible data access controls is reaching critical mass. This increased demand pushes leading data providers to generate constant streams of enhanced capabilities that can support growing data governance programs.

That’s where Snowflake comes in. It is a world-leading data provider and delivers its services through a wide range of native tools and services.

Methods of Snowflake Role Management

Here we will investigate what this company has to offer and discuss some of the pros and cons of Snowflake’s RBAC for fulfilling enterprise workflows and needs.

·      By Implementing IAM Groups

Snowflake administrators usually assign data ownership to IAM or IdP groups that are converted to Snowflake roles. This means that the marketing group, or a subset of it, generally has rights over data enrichment.

This system creates an ideal situation in which the identity management team can maintain the user’s context. Also, access to the data is limited according to the groups you already have for your organization’s users.

·      Using Custom Snowflake Permissions

Snowflake’s unique control allows a viable route for scaled RBAC. However, authorization is only one side of the coin. Data owners will still have to grant access. Data engineers give access by enabling one of Snowflake’s custom roles.

Enabling a role allows setting specific roles for a project or for the users of a particular domain. As a result, they don’t have to rely on the identity team and delay access until it generates a new group.

An important thing to note is that in Snowflake user management, access has to be granted through roles. So this method means that the access will also be granted to anyone else grouped in that role.

Granting access has a few drawbacks as well that you must keep in mind. Once you provide access to more than one person, that access must be removed as soon as it is no longer needed. Also, it is vital to keep track of data changes, because data is a moving target and may require additional configuration to stay optimized.

·      Setting the Role Hierarchy

Snowflake Roles Hierarchy can optimize data authorization. It does so by enabling users to create an abstraction layer in which roles can gain access to other roles’ privileges. Examples include:


This role has access to the user enrichments dataset configured by data engineering.

MARKETING_RESEARCH and DATA_SCIENCE inherit from this role

·      Hierarchy Hell

Scaling with role hierarchies demands great care. Hierarchies may complicate data access flows if they are implemented without well-thought-out planning and strategy. There is a real chance of flows collapsing under the inevitable chaos of unstructured hierarchies. This happens because layers of roles tend to form over time, and removing the complexity becomes a risky task that teams are unwilling to take on. Hence, this process must be done with extreme care and planning.

·      Adding More Roles per User

Another method that data teams can adopt is adding individual roles for one user, which means that each user gets a dedicated role. This method ensures more granularity and reduces the risk of future over-privileged environments.

·      Granting Open Access

This method involves eliminating all data restrictions. Users are granted broad access as soon as they receive access to the Snowflake data warehouse. This method certainly reduces the amount of time spent on giving access to users; however, it is the riskiest technique.

·      Adding a Self-Service Data Portal

Self-service is amongst the best methods for scaling. This method allows temporary access to datasets. The process can take the form of a correctly oriented workflow based on a central business process. 

There can be several ways of achieving this. One such method is writing an application that manages Snowflake roles and users by sending GRANT and REVOKE SQL queries to Snowflake and keeping track of the granted access.
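
The bookkeeping such an application needs, as an added example (not code from the original article): it builds the GRANT and REVOKE statements for time-limited role grants and keeps track of what is active. `GrantLedger`, `ident` and the user name are hypothetical, and sending the statements to Snowflake is left to whichever client the application uses.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Unquoted Snowflake identifier: letter or underscore, then letters, digits, _ or $.
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_$]*")

def ident(name: str) -> str:
    """Reject anything that is not a plain identifier, so a requested role
    or user name can never carry extra SQL into the statement."""
    if not _IDENT.fullmatch(name):
        raise ValueError(f"invalid identifier: {name!r}")
    return name.upper()

@dataclass(frozen=True)
class Grant:
    role: str
    user: str
    expires_at: datetime

class GrantLedger:
    """Tracks temporary role grants and emits the SQL to apply or revoke them."""

    def __init__(self, allowed_roles):
        # Only roles that data owners have published to the portal can be requested.
        self.allowed_roles = {ident(r) for r in allowed_roles}
        self.active = {}  # (role, user) -> Grant

    def grant(self, role, user, hours, now):
        role, user = ident(role), ident(user)
        if role not in self.allowed_roles:
            raise PermissionError(f"{role} is not a self-service role")
        self.active[(role, user)] = Grant(role, user, now + timedelta(hours=hours))
        return f"GRANT ROLE {role} TO USER {user};"

    def revoke_expired(self, now):
        """Return REVOKE statements for grants past their expiry and forget them."""
        expired = sorted(k for k, g in self.active.items() if g.expires_at <= now)
        for key in expired:
            del self.active[key]
        return [f"REVOKE ROLE {r} FROM USER {u};" for r, u in expired]

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed sample time
    ledger = GrantLedger(["MARKETING_RESEARCH", "DATA_SCIENCE"])
    print(ledger.grant("data_science", "alice", hours=8, now=t0))
    print(ledger.revoke_expired(t0 + timedelta(hours=9)))
```

Running `revoke_expired` on a schedule is what removes access once it is no longer needed, and the allow-list keeps administrative roles out of the self-service path.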