
In the Snowflake model, access control is a framework that governs access to securable objects through privileges assigned to roles. Those roles are in turn assigned to other roles or to users, so a user's effective privileges are the union of everything granted to the roles in their hierarchy.

Access Control models:

Discretionary Access Control (DAC): Each object has an owner, and the owner can in turn grant access to that object.

Role-based Access Control (RBAC): Access privileges are assigned to roles, which are in turn assigned to users.

Snowflake combines both: every securable object is owned by a role, and that owning role can grant access to it (DAC), while users only ever receive privileges through the roles granted to them (RBAC).

The key concepts to understanding access control in Snowflake are:

  • Securable object: An entity to which access can be granted. Unless a grant allows it, access is denied (the default is deny).
  • Role: An entity to which privileges can be granted. Roles are in turn assigned to users.
    • Roles can also be granted to other roles, creating a role hierarchy in which the parent role inherits every privilege of its child roles.
  • Privilege: A defined level of access to an object (for example USAGE, SELECT, OWNERSHIP). Multiple distinct privileges exist for each object type so that the granularity of access can be controlled.
  • User: An identity recognized by Snowflake, whether it represents a person or a program.

Role Based Access Control : Role Hierarchy and Privilege Inheritance:

System-Defined Roles:
  • ACCOUNTADMIN (aka Account Administrator): Role that encapsulates the SYSADMIN and SECURITYADMIN system-defined roles.
    • It is the top-level role in the account and should therefore be granted to a limited number of users, each of whom should be protected with MFA.
  • SECURITYADMIN (aka Security Administrator): Can create, modify and drop users, roles and network policies, and can monitor and manage any grant in the account.
    • The USERADMIN role is granted to SECURITYADMIN, so it inherits user and role management.
    • Holds the global MANAGE GRANTS privilege, which lets it grant or revoke privileges on objects it does not own.
  • SYSADMIN (aka System Administrator): Has privileges to create warehouses, databases and the objects inside them (schemas, tables, views).
    • Recommendation: grant all custom roles to SYSADMIN so that it can manage the objects those roles own.
  • USERADMIN (aka User and Role Administrator): Granted the CREATE USER and CREATE ROLE security privileges; can create users and roles and manage the ones it owns.
  • PUBLIC:
    • A pseudo-role automatically granted to every user and every role in the account.
    • Can own securable objects, but anything it owns (or is granted) is reachable by everyone.
    • This role is typically used in cases where explicit access control is not needed, because all users are viewed as equal with regard to their access rights.

Custom Roles:

  • Roles that are not system defined. They are created by USERADMIN (or by SECURITYADMIN, which inherits USERADMIN, or by any role holding CREATE ROLE).
  • A newly created role is, by default, not assigned to any user and not granted to any other role.
  • Recommendation: grant each custom role to SYSADMIN, directly or through another custom role, so that the role hierarchy stays rooted under ACCOUNTADMIN.
  • If a custom role is not granted to SYSADMIN, the system administrator cannot manage the objects it owns; only roles with MANAGE GRANTS (typically SECURITYADMIN) can see those objects and modify their grants.
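The following is an added worked example (not code from the original post) that ties the key concepts above to the custom-role procedure just described: USERADMIN creates the role, SYSADMIN creates the objects and grants on them as their owner (DAC), SECURITYADMIN uses MANAGE GRANTS for the grants an owner cannot make, and the role is then placed under SYSADMIN and given to a user. All object, role and user names (sales_db, compute_wh, analyst, jdoe) are assumptions chosen for illustration.

```sql
-- Step 1: USERADMIN holds CREATE ROLE, so it creates (and therefore owns) the custom role.
USE ROLE USERADMIN;
CREATE ROLE IF NOT EXISTS analyst COMMENT = 'Read-only access to sales_db';

-- Grant the new role to SYSADMIN so the hierarchy stays rooted under ACCOUNTADMIN
-- (without this, only MANAGE GRANTS holders can manage objects analyst comes to own).
GRANT ROLE analyst TO ROLE SYSADMIN;

-- Step 2: SYSADMIN creates the securable objects. As their owner it can grant
-- privileges on them directly; this is the DAC half of the model.
USE ROLE SYSADMIN;
CREATE WAREHOUSE IF NOT EXISTS compute_wh WAREHOUSE_SIZE = 'XSMALL' AUTO_SUSPEND = 60;
CREATE DATABASE  IF NOT EXISTS sales_db;
CREATE TABLE     IF NOT EXISTS sales_db.public.orders (id NUMBER, amount NUMBER);

GRANT USAGE  ON WAREHOUSE compute_wh          TO ROLE analyst;
GRANT USAGE  ON DATABASE  sales_db            TO ROLE analyst;
GRANT USAGE  ON SCHEMA    sales_db.public     TO ROLE analyst;
GRANT SELECT ON ALL TABLES IN SCHEMA sales_db.public TO ROLE analyst;

-- Step 3: SECURITYADMIN holds MANAGE GRANTS, so it can grant on objects it does
-- not own. Future grants keep new tables in the schema covered automatically.
USE ROLE SECURITYADMIN;
GRANT SELECT ON FUTURE TABLES IN SCHEMA sales_db.public TO ROLE analyst;

-- Step 4: assign the role to a user (the RBAC half: users get privileges only via roles).
GRANT ROLE analyst TO USER jdoe;

-- Step 5: verify the hierarchy and the effective privileges.
SHOW GRANTS TO ROLE analyst;   -- privileges the role holds
SHOW GRANTS OF ROLE analyst;   -- users and roles the role is granted to (jdoe, SYSADMIN)
SHOW GRANTS TO USER jdoe;      -- roles jdoe can activate

-- Step 6: exercise it. Run these as jdoe (or any user whose hierarchy includes analyst).
USE ROLE analyst;
USE WAREHOUSE compute_wh;
SELECT COUNT(*) FROM sales_db.public.orders;            -- succeeds: SELECT was granted
INSERT INTO sales_db.public.orders VALUES (1, 10);       -- fails: INSERT was never granted

-- Anti-pattern, shown for contrast and deliberately left commented out:
-- PUBLIC is granted to every user and role, so this would expose the data account-wide.
-- GRANT SELECT ON ALL TABLES IN SCHEMA sales_db.public TO ROLE PUBLIC;
```

Note the separation of duties: object creation happens under SYSADMIN, role and user administration under USERADMIN/SECURITYADMIN, and ACCOUNTADMIN is never needed for day-to-day provisioning. The final INSERT is included to show the deny-by-default behaviour of securable objects: a privilege that was never granted to any role in jdoe's hierarchy is simply unavailable.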

The technical implementation and the end-to-end RBAC flow are covered in a separate post.
