Securiti Named a 2022 Cool Vendor in Data Security by GartnerDownload Now
Published on December 22, 2021 AUTHOR - Privacy Research Team
Data Access Controls are an essential part of data governance for any database. These controls are necessary to protect data from unauthorized access and usage by malicious actors.
In Snowflake, data access control privileges determine:
Snowflake provides visibility of access controls at a granular level. Snowflake Administrators can see all the privileges each user has and ensure all access privileges comply with the organization’s data governance policies.
Snowflake’s role-based access controls define which role gets access to what objects in the database and for which purposes.
RBACs make data governance in Snowflake easy and efficient too. System administrators only need to set up access controls for each role once. After that, when an individual is allocated a specific role, they are automatically given access to data, according to the organization’s governance policies.
In Snowflake, a user can also be assigned multiple roles if required. Users can switch roles to perform different actions using separate sets of privileges. Users with appropriate access can also create custom roles.
Snowflake has some system-defined roles such as Account Administrator, Security Administrator, User Administrator, System Administrator, and a default role called Public. Depending on the organization’s requirements, the user administrator can give additional privileges to each role. Security Administrators can also create custom roles in Snowflake and assign specific privileges to them. The privileges associated with a role are inherited by any roles above that role in the hierarchy.
Data Access Controls are granted to roles that are then assigned to individual users. There are several factors that data governance professionals need to consider when creating data control policies for managing secure access to their Snowflake instance and the data stored within the instance.
The Snowflake instance may contain personal data and sensitive personal data of customers, vendors, or employees. While formulating data governance policies, the team needs to assess each role’s specific data access needs and assign privileges accordingly. Personal and Sensitive Personal Data requires additional protection, and access should be carefully restricted.
For example, a payroll analyst might need access to employees’ sensitive personal data like their financial accounts, tax status, age, government tax (Social Security) numbers, etc., to perform daily duties. This data is highly sensitive, and access to it should be very restricted.
On the other hand, an HR analyst might only need access to general employee information like joining dates, resignation dates, positions held, contact information, etc. This is personal information that must be restricted, but to a lesser extent than sensitive personal data.
For more information, read the extensive guide to Data Access Control Considerations in Snowflake.
Once access has been defined, there are further privileges that define the specific operations users can perform on the data within the Snowflake system.
Similar to access control considerations, data governance teams need to carefully assess each role’s duties and responsibilities to determine the appropriate privileges and grant them. To use the previous examples, HR representatives should be able to change the name of the employee. home address details, next of kin and many other fields, but not the date of birth. Payroll should be able to change banking details, update tax information, but other personal data changes are likely not in their remit.
Snowflake has extensive privileges that user administrators can assign to multiple roles. For instance, a database administrator will need database privileges that will allow him to modify and monitor the database or create schemas. However, to safeguard the data itself, organizations need to decide whether the database administrator can only change the schema, but not the data within the database. On the other hand, a data analyst might be only granted querying privileges using the SELECT statement.
For more information, go through the detailed guide on Data Access Control Privileges in Snowflake.
Securiti has designed a customized solution that integrates natively with Snowflake and simplifies Data Governance, privacy, and data security with automation.
Securiti incorporates all of the Data Governance features in Snowflake and simplifies policy enforcement with automation. Once Data Governance policies are defined, the solution continuously monitors data access and usage configurations, with automatic alerts that flag any misconfigurations.
The solution also incorporates:
Securiti specializes in providing cutting-edge, A.I-powered data privacy solutions that automate:
Securiti’s solution also incorporates all of Snowflake’s native data security features, including:
June 21, 2022
When the California Privacy Rights Act (CPRA) comes into effect, replacing the existing California Consumer Privacy Act (CCPA), organizations will have to change their current business practices around personal information handling. One significant change will be Regular Risk...
June 20, 2022
Privacy laws and regulations are enacted to bring transparency and accountability to an organization’s behavior when it comes to collecting and processing users’ personal data. Before the introduction of the GDPR article 30, accountability and transparency associated with...
PO Box 13039,
Coyote CA 95013