Products
By Use Cases By Roles
Data Command Center
View
Learn more

AI Security & Governance

Discover, assess, and safeguard AI usage

Learn more

Asset and Data Discovery

Discover dark and native data assets

Learn more

Data Access Intelligence & Governance

Identify which users have access to sensitive data and prevent unauthorized access

Learn more

Data Privacy Automation

PrivacyCenter.Cloud | Data Mapping | DSR Automation | Assessment Automation | Vendor Assessment | Breach Management | Privacy Notice

Learn more

Sensitive Data Intelligence

Discover & Classify Structured and Unstructured Data | People Data Graph

Learn more

Data Flow Intelligence & Governance

Prevent sensitive data sprawl through real-time streaming platforms

Learn more

Data Consent Automation

First Party Consent | Third Party & Cookie Consent

Learn more

Data Security Posture Management

Secure sensitive data in hybrid multicloud and SaaS environments

Learn more

Data Breach Impact Analysis & Response

Analyze impact of a data breach and coordinate response per global regulatory obligations

Learn more

Data Catalog

Automatically catalog datasets and enable users to find, understand, trust and access data

Learn more

Data Lineage

Track changes and transformations of data throughout its lifecycle

Learn more

Compliance Management

Automate Compliance with Global AI and Data Frameworks using Common Controls and Tests
Data Controls Orchestrator
View
Data Command Center
View
Sensitive Data Intelligence
View

Asset Discovery
Data Discovery & Classification
Sensitive Data Catalog
People Data Graph
Learn more

Privacy

Automate compliance with global privacy regulations

Data Mapping Automation

View

AI Security & Governance

View

Data Subject Request Automation

View

People Data Graph

View

Assessment Automation

View

Cookie Consent

View

Universal Consent

View

Vendor Risk Assessment

View

Breach Management

View

Privacy Policy Management

View

Privacy Center

View

Learn more

Security

Identify data risk and enable protection & control

Data Security Posture Management

View

AI Security & Governance

View

Data Access Intelligence & Governance

View

Data Risk Management

View

Data Breach Analysis

View

Learn more

Governance

Optimize Data Governance with granular insights into your data

Data Catalog

View

Data Lineage

View

Data Quality

View

AI Security & Governance

View

Compliance Management

View
Data Controls Orchestrator
View
Solutions
Technologies

Covering you everywhere with 1000+ integrations across data systems.

Snowflake

View

AWS

View

Microsoft 365

View

Salesforce

View

Workday

View

GCP

View

Azure

View

Oracle

View

Databricks

View

Learn more

Regulations

Automate compliance with global privacy regulations.

US California CCPA

View

CPRA
California Privacy Rights Act

View

European Union GDPR

View

Thailand’s PDPA

View

China PIPL

View

Canada PIPEDA Compliance Solution

View

Brazil's LGPD

View

+ More

View

Learn more

Roles

Identify data risk and enable protection & control.

Privacy

View

Security

View

Governance

View

Marketing

View
Resources

Blog

Read through our articles written by industry experts

Collateral

Product brochures, white papers, infographics, analyst reports and more.

Knowledge Center

Learn about the data privacy, security and governance landscape.

Securiti Education

Courses and Certifications for data privacy, security and governance professionals.
Company

About Us

Learn all about Securiti, our mission and history

Partner Program

Join our Partner Program

Contact Us

Contact us to learn more or schedule a demo

News Coverage

Read about Securiti in the news

Press Releases

Find our latest press releases

Careers

Join the talented Securiti team

Blog » Data Access & Intelligence Governance

A Quick Guide to Data Access Controls for Snowflake

Published December 22, 2021

What are Data Access Controls in Snowflake?

Data Access Controls are an essential part of data governance for any database. These controls are necessary to protect data from unauthorized access and usage by malicious actors.

In Snowflake, data access control privileges determine:

Who can access, and
Use the data to perform operations on specific objects in Snowflake.

Snowflake provides visibility of access controls at a granular level. Snowflake Administrators can see all the privileges each user has and ensure all access privileges comply with the organization’s data governance policies.

What are Role-Based Access Controls (RBACs) in Snowflake?

Snowflake’s role-based access controls define which role gets access to what objects in the database and for which purposes.

RBACs make data governance in Snowflake easy and efficient too. System administrators only need to set up access controls for each role once. After that, when an individual is allocated a specific role, they are automatically given access to data, according to the organization’s governance policies.

In Snowflake, a user can also be assigned multiple roles if required. Users can switch roles to perform different actions using separate sets of privileges. Users with appropriate access can also create custom roles.

Snowflake has some system-defined roles such as Account Administrator, Security Administrator, User Administrator, System Administrator, and a default role called Public. Depending on the organization’s requirements, the user administrator can give additional privileges to each role. Security Administrators can also create custom roles in Snowflake and assign specific privileges to them. The privileges associated with a role are inherited by any roles above that role in the hierarchy.

The Data Access Control Considerations in Snowflake

Data Access Controls are granted to roles that are then assigned to individual users. There are several factors that data governance professionals need to consider when creating data control policies for managing secure access to their Snowflake instance and the data stored within the instance.

The Snowflake instance may contain personal data and sensitive personal data of customers, vendors, or employees. While formulating data governance policies, the team needs to assess each role’s specific data access needs and assign privileges accordingly. Personal and Sensitive Personal Data requires additional protection, and access should be carefully restricted.

For example, a payroll analyst might need access to employees’ sensitive personal data like their financial accounts, tax status, age, government tax (Social Security) numbers, etc., to perform daily duties. This data is highly sensitive, and access to it should be very restricted.

On the other hand, an HR analyst might only need access to general employee information like joining dates, resignation dates, positions held, contact information, etc. This is personal information that must be restricted, but to a lesser extent than sensitive personal data.

For more information, read the extensive guide to Data Access Control Considerations in Snowflake.

The Data Access Control Privileges in Snowflake

Once access has been defined, there are further privileges that define the specific operations users can perform on the data within the Snowflake system.

Similar to access control considerations, data governance teams need to carefully assess each role’s duties and responsibilities to determine the appropriate privileges and grant them. To use the previous examples, HR representatives should be able to change the name of the employee. home address details, next of kin and many other fields, but not the date of birth. Payroll should be able to change banking details, update tax information, but other personal data changes are likely not in their remit.

Snowflake has extensive privileges that user administrators can assign to multiple roles. For instance, a database administrator will need database privileges that will allow him to modify and monitor the database or create schemas. However, to safeguard the data itself, organizations need to decide whether the database administrator can only change the schema, but not the data within the database. On the other hand, a data analyst might be only granted querying privileges using the SELECT statement.

For more information, go through the detailed guide on Data Access Control Privileges in Snowflake.

Manage Snowflake Data Access Controls and more with Securiti

Securiti has designed a customized solution that integrates natively with Snowflake and simplifies Data Governance, privacy, and data security with automation.

Data Governance for Snowflake

Securiti incorporates all of the Data Governance features in Snowflake and simplifies policy enforcement with automation. Once Data Governance policies are defined, the solution continuously monitors data access and usage configurations, with automatic alerts that flag any misconfigurations.

The solution also incorporates:

Dynamic Data masking based on roles and policies to restrict access & usage of sensitive data from unauthorized personnel.
Table, column, and even row-level access policy enforcement.
User access history audits to detect any non-compliance with governance policies.

Learn more about Securiti’s Data Governance features for Snowflake

Data Privacy for Snowflake

Securiti specializes in providing cutting-edge, A.I-powered data privacy solutions that automate:

Data Mapping and Classification of personal data,
Quick and accurate DSR fulfillment.
- Using a conversational interface (Auti) you can extract any individual’s personal data within minutes.
Comprehensive Privacy Risk Assessments that enable proactive approaches.
Data Breach Management Notifications that meet strict regulatory requirements and notify all impacted parties as quickly as possible.
The Workflow Orchestration feature uses a simple drag-and-drop design and helps automate various privacy, governance, and security functions within Snowflake.

Learn more about Securiti’s Data Privacy features for Snowflake.

Data Security for Snowflake

Securiti’s solution also incorporates all of Snowflake’s native data security features, including:

Network Security:
- Site access is controlled through IP allow and block lists, managed through network policies.
Account/user authentication:
- MFA (multi-factor authentication) for increased security for account access by users.
- Automated security scanning of any misconfigurations. Snowflake Security Administrators can decide to remediate any misconfigurations automatically or receive notifications.
Compliance with Data Regulations like PCI-DSS, HIPAA, and more.
- Map security policies to specific standard controls and regulatory compliance.
- Generate one-click reports to demonstrate compliance coverage to regulators and auditors for various data privacy and security regulations.

A Quick Guide to Data Access Controls for Snowflake

What are Data Access Controls in Snowflake?

What are Role-Based Access Controls (RBACs) in Snowflake?

The Data Access Control Considerations in Snowflake

The Data Access Control Privileges in Snowflake

Manage Snowflake Data Access Controls and more with Securiti

Data Governance for Snowflake

Data Privacy for Snowflake

Data Security for Snowflake

More Stories that May Interest You

Newsletter

Company

Resources

Terms

Get in touch

A Quick Guide to Data Access Controls for Snowflake

What are Data Access Controls in Snowflake?

What are Role-Based Access Controls (RBACs) in Snowflake?

The Data Access Control Considerations in Snowflake

The Data Access Control Privileges in Snowflake

Manage Snowflake Data Access Controls and more with Securiti

Data Governance for Snowflake

Data Privacy for Snowflake

Data Security for Snowflake

Join Our Newsletter

Share

More Stories that May Interest You

Command Your Data with Securiti and Snowflake Horizon

Snowflake and Securiti Partnership Enables Data Innovation at Scale

How to Enhance Snowflake Data Sharing Environments Securely

Newsletter

Company

Resources

Terms

Get in touch

What'sNew

What's
New