
A Quick Guide to Data Access Controls for Snowflake

Published December 22, 2021
Author

Omer Imran Malik

Data Privacy Legal Manager, Securiti

FIP, CIPT, CIPM, CIPP/US


What are Data Access Controls in Snowflake?

Data Access Controls are an essential part of data governance for any database. These controls are necessary to protect data from unauthorized access and usage by malicious actors.

In Snowflake, data access control privileges determine:

  1. Who can access the data, and
  2. Which operations they can perform with it on specific objects in Snowflake.

Snowflake provides visibility of access controls at a granular level. Snowflake Administrators can see all the privileges each user has and ensure all access privileges comply with the organization’s data governance policies.

What are Role-Based Access Controls (RBACs) in Snowflake?

Snowflake’s role-based access controls define which role gets access to what objects in the database and for which purposes.

RBACs also make data governance in Snowflake easy and efficient. System administrators only need to set up access controls for each role once. After that, when an individual is allocated a specific role, they are automatically given access to data according to the organization’s governance policies.

In Snowflake, a user can also be assigned multiple roles if required. Users can switch roles to perform different actions using separate sets of privileges. Users with appropriate access can also create custom roles.

Snowflake has some system-defined roles such as Account Administrator, Security Administrator, User Administrator, System Administrator, and a default role called Public. Depending on the organization’s requirements, the user administrator can give additional privileges to each role. Security Administrators can also create custom roles in Snowflake and assign specific privileges to them. The privileges associated with a role are inherited by any roles above that role in the hierarchy.

The Data Access Control Considerations in Snowflake

Data Access Controls are granted to roles that are then assigned to individual users. There are several factors that data governance professionals need to consider when creating data control policies for managing secure access to their Snowflake instance and the data stored within the instance.

The Snowflake instance may contain personal data and sensitive personal data of customers, vendors, or employees. While formulating data governance policies, the team needs to assess each role’s specific data access needs and assign privileges accordingly. Personal and Sensitive Personal Data requires additional protection, and access should be carefully restricted.

For example, a payroll analyst might need access to employees’ sensitive personal data like their financial accounts, tax status, age, government tax (Social Security) numbers, etc., to perform daily duties. This data is highly sensitive, and access to it should be very restricted.

On the other hand, an HR analyst might only need access to general employee information like joining dates, resignation dates, positions held, contact information, etc. This is personal information that must be restricted, but to a lesser extent than sensitive personal data.

For more information, read the extensive guide to Data Access Control Considerations in Snowflake.

The Data Access Control Privileges in Snowflake

Once access has been defined, there are further privileges that define the specific operations users can perform on the data within the Snowflake system.

Similar to access control considerations, data governance teams need to carefully assess each role’s duties and responsibilities to determine the appropriate privileges and grant them. To use the previous examples, HR representatives should be able to change the name of the employee, home address details, next of kin and many other fields, but not the date of birth. Payroll should be able to change banking details and update tax information, but other personal data changes are likely not in their remit.

Snowflake has extensive privileges that user administrators can assign to multiple roles. For instance, a database administrator will need database privileges that will allow him to modify and monitor the database or create schemas. However, to safeguard the data itself, organizations need to decide whether the database administrator can only change the schema, but not the data within the database. On the other hand, a data analyst might be only granted querying privileges using the SELECT statement.
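The role hierarchy and privilege split described above, as an added Snowflake SQL example that is not part of the original article. The database, schema, table, warehouse, role and user names are all hypothetical, and the objects are assumed to exist already.

```sql
-- Added example; every object, role and user name here is hypothetical.
-- Assumes HR_DB.CORE.EMPLOYEES, HR_DB.PAYROLL.COMPENSATION and warehouse HR_WH exist.
USE ROLE SECURITYADMIN;  -- holds MANAGE GRANTS, so it can create roles and grant privileges

CREATE ROLE IF NOT EXISTS data_analyst;
CREATE ROLE IF NOT EXISTS hr_analyst;
CREATE ROLE IF NOT EXISTS payroll_analyst;
CREATE ROLE IF NOT EXISTS db_admin;

-- Data analyst: query-only access to general employee information.
GRANT USAGE  ON WAREHOUSE hr_wh           TO ROLE data_analyst;
GRANT USAGE  ON DATABASE  hr_db           TO ROLE data_analyst;
GRANT USAGE  ON SCHEMA    hr_db.core      TO ROLE data_analyst;
GRANT SELECT ON TABLE hr_db.core.employees TO ROLE data_analyst;

-- HR analyst sits above data_analyst: it inherits the grants above and adds UPDATE.
-- Table privileges cover the whole table, so a per-column rule such as
-- "not the date of birth" needs a separate mechanism on top of these grants.
GRANT ROLE data_analyst TO ROLE hr_analyst;
GRANT UPDATE ON TABLE hr_db.core.employees TO ROLE hr_analyst;

-- Payroll: read and change compensation data only; no grants on CORE.EMPLOYEES.
GRANT USAGE ON WAREHOUSE hr_wh         TO ROLE payroll_analyst;
GRANT USAGE ON DATABASE  hr_db         TO ROLE payroll_analyst;
GRANT USAGE ON SCHEMA    hr_db.payroll TO ROLE payroll_analyst;
GRANT SELECT, UPDATE ON TABLE hr_db.payroll.compensation TO ROLE payroll_analyst;

-- Database administrator: can modify and monitor the database and create schemas,
-- but holds no table privileges, so it cannot read or change the rows.
GRANT USAGE, MODIFY, MONITOR, CREATE SCHEMA ON DATABASE hr_db TO ROLE db_admin;

-- Roll the custom roles up to SYSADMIN so the hierarchy has a single top.
GRANT ROLE hr_analyst      TO ROLE SYSADMIN;
GRANT ROLE payroll_analyst TO ROLE SYSADMIN;
GRANT ROLE db_admin        TO ROLE SYSADMIN;

-- Assign roles to users (hypothetical user names).
GRANT ROLE hr_analyst      TO USER alice_hr;
GRANT ROLE payroll_analyst TO USER bob_payroll;

-- Review what was granted before relying on it.
SHOW GRANTS TO ROLE hr_analyst;       -- privileges and roles held by hr_analyst
SHOW GRANTS OF ROLE payroll_analyst;  -- users and roles that hold payroll_analyst
SHOW GRANTS ON TABLE hr_db.payroll.compensation;  -- every role with access to the table
```

Running the three SHOW GRANTS statements on a schedule and comparing the output against the intended policy is a simple way to catch privilege drift.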

For more information, go through the detailed guide on Data Access Control Privileges in Snowflake.

Manage Snowflake Data Access Controls and more with Securiti

Securiti has designed a customized solution that integrates natively with Snowflake and simplifies Data Governance, privacy, and data security with automation.

Data Governance for Snowflake

Securiti incorporates all of the Data Governance features in Snowflake and simplifies policy enforcement with automation. Once Data Governance policies are defined, the solution continuously monitors data access and usage configurations, with automatic alerts that flag any misconfigurations.

The solution also incorporates:

  • Dynamic data masking based on roles and policies to prevent unauthorized personnel from accessing and using sensitive data.
  • Table, column, and even row-level access policy enforcement.
  • User access history audits to detect any non-compliance with governance policies.

Learn more about Securiti’s Data Governance features for Snowflake

Data Privacy for Snowflake

Securiti specializes in providing cutting-edge, AI-powered data privacy solutions that automate:

  • Data Mapping and Classification of personal data,
  • Quick and accurate DSR fulfillment.
    • Using a conversational interface (Auti) you can extract any individual’s personal data within minutes.
  • Comprehensive Privacy Risk Assessments that enable proactive approaches.
  • Data Breach Management Notifications that meet strict regulatory requirements and notify all impacted parties as quickly as possible.
  • The Workflow Orchestration feature uses a simple drag-and-drop design and helps automate various privacy, governance, and security functions within Snowflake.

Learn more about Securiti’s Data Privacy features for Snowflake.

Data Security for Snowflake

Securiti’s solution also incorporates all of Snowflake’s native data security features, including:

  • Network Security:
    • Site access is controlled through IP allow and block lists, managed through network policies.
  • Account/user authentication:
    • MFA (multi-factor authentication) for increased security for account access by users.
    • Automated security scanning for any misconfigurations. Snowflake Security Administrators can decide to remediate any misconfigurations automatically or receive notifications.
  • Compliance with Data Regulations like PCI-DSS, HIPAA, and more.
    • Map security policies to specific standard controls and regulatory compliance.
    • Generate one-click reports to demonstrate compliance coverage to regulators and auditors for various data privacy and security regulations.