Reputation: 11
Snowflake Data Sharing - Any way to grant user specific access?
We're looking to share data with departments that share a single Snowflake account, but need differential access to our data.
From the Snowflake documentation, it looks like sharing is always at the account level. Is there any way user or role level access can be controlled from the data provider side, or does this require the data consumer to do the appropriate grants?
Update: We're using secure data sharing to share data between accounts. We want to be able to restrict access to certain users or roles on the other account, if possible.
Upvotes: 1
Views: 488
Answers (2)
Reputation: 51
No, this is not possible. You can't restrict access to users or roles on the other account from the provider account.
You can only control the object access to the share like granting/revoking select access on tables and secured views in the provider account.
Reference: https://docs.snowflake.com/en/user-guide/data-sharing-gs
Upvotes: 0
Reputation: 980
The snowflake access is actually role-level, there's no account-level access. The roles are set in a hierarchy and you can use that to customize your access quite extensively. Please take a while to read about the best practices before setting up the roles:
https://docs.snowflake.net/manuals/user-guide/security-access-control-considerations.html
edit: and for secure data sharing you're most likely looking at https://docs.snowflake.net/manuals/user-guide/data-sharing-reader-config.html
Upvotes: 2
Related Questions
- Granular access control for shared databases in Snowflake
- Snowflake sharing to Data Consumer
- grant usage on particular view in snowflake
- snowflake - query grants to role
- Snowflake - Grant permissions by username
- Snowflake privileges
- Limitation of roles and users in snowflake
- Read-only privilege to view users in Snowflake
- Row level access control in snowflake
- Snowflake Data sharing across instances