Snowflake Governance Management in Crisp

Debi Prasad Mishra
Sep 8, 2021

Introduction- This blog is primarily about managing the governance features in Snowflake and is intended for administrators, such as users holding the Account Admin, Sys Admin, or Security Admin roles in the group. Snowflake provides industry-leading features that ensure the highest levels of governance for your account and users, as well as for all the data you store and access. Under its governance management system, Snowflake offers features such as dynamic data masking policies, row access policies, the access history view, and tagging of objects. These features are available in Enterprise Edition or higher only.

Why to Use-

1: Best suited for data authorization and governance activities by data stewards.
2: You can prohibit privileged users holding the Account Admin or Security Admin role from unnecessarily viewing data in the group.
3: Write a policy once and have it apply to thousands of columns across databases and schemas.
4: Masking policies and row access policies are easy to manage and need only built-in functionality; no third parties are required.
5: The access history view helps in discovering unused data, to determine whether to archive or delete it from a Snowflake data storage point of view.
6: Since tags are inherited, applying a tag to a higher-level object results in the same tag being applied to all of its child objects.
7: Tags simplify identifying sensitive data such as PII and bring visibility to Snowflake resource usage monitoring. With data and metadata in the same system, analysts can quickly determine which resources are consuming the most Snowflake credits based on the tag definition, if tags are applied properly.
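The points above, as an added example in Snowflake SQL that is not part of the original post: one masking policy reused on two columns, a row access policy, a tag inherited from the schema, and an access history query for unused tables. The object and role names (GOV.SALES, CUSTOMERS, REGION_ENTITLEMENTS, DATA_STEWARD) are hypothetical.

```sql
-- Hypothetical objects: schema GOV.SALES, tables CUSTOMERS and
-- REGION_ENTITLEMENTS(role_name, region), role DATA_STEWARD.
USE SCHEMA gov.sales;

-- 1. Masking policy: only DATA_STEWARD sees clear text. Every other role,
--    ACCOUNTADMIN and SECURITYADMIN included, gets the masked value.
CREATE OR REPLACE MASKING POLICY pii_string_mask AS (val STRING) RETURNS STRING ->
  CASE WHEN CURRENT_ROLE() = 'DATA_STEWARD' THEN val ELSE '***MASKED***' END;

-- Written once, attached to as many columns as needed.
ALTER TABLE customers MODIFY COLUMN email SET MASKING POLICY pii_string_mask;
ALTER TABLE customers MODIFY COLUMN phone SET MASKING POLICY pii_string_mask;

-- 2. Row access policy: a role sees only rows for regions mapped to it.
CREATE OR REPLACE ROW ACCESS POLICY region_rows AS (row_region STRING) RETURNS BOOLEAN ->
  CURRENT_ROLE() = 'DATA_STEWARD'
  OR EXISTS (SELECT 1 FROM region_entitlements e
             WHERE e.role_name = CURRENT_ROLE() AND e.region = row_region);

ALTER TABLE customers ADD ROW ACCESS POLICY region_rows ON (region);

-- 3. Tag set once on the schema; check the value the child table picks up.
CREATE TAG IF NOT EXISTS data_sensitivity;
ALTER SCHEMA gov.sales SET TAG data_sensitivity = 'pii';
SELECT SYSTEM$GET_TAG('gov.sales.data_sensitivity', 'gov.sales.customers', 'table');

-- 4. Access history: tables with no recorded access in the last 90 days,
--    as candidates for archive or delete review.
WITH recent AS (
  SELECT DISTINCT obj.value:"objectName"::STRING AS fq_name
  FROM snowflake.account_usage.access_history ah,
       LATERAL FLATTEN(input => ah.base_objects_accessed) obj
  WHERE ah.query_start_time >= DATEADD(day, -90, CURRENT_TIMESTAMP())
)
SELECT t.table_catalog, t.table_schema, t.table_name
FROM snowflake.account_usage.tables t
LEFT JOIN recent r
  ON r.fq_name = t.table_catalog || '.' || t.table_schema || '.' || t.table_name
WHERE t.deleted IS NULL
  AND r.fq_name IS NULL;
```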

Classification- Snowflake is broadly divided into four categories according to usage and based on the transactions in general. I am doing my best to describe them at a very high level, for an initial understanding of the product.

Limitations-

1: Masking policies defined under column-level security can't be applied to the geography data type.
2: For dynamic data masking, if the masking policy on a table or view column references an external function, the table or view can't be shared.
3: Masking policies can't be applied to virtual columns. Apply the policy to the source table column or view column instead.
4: Snowflake does not support attaching a row access policy to the stream object itself.
5: Database objects protected by a row access policy can't be used with the search optimization service.
6: The access history account usage view can't be used to query the access history of Snowflake objects beyond 1 year.

Conclusion- Thank you for reading. I hope this blog helps you get a basic understanding of the Snowflake governance activities that are needed in order to maintain control within the organization in an optimal way. If you have more questions, you can reach out to me on my Twitter handle or my LinkedIn, or leave a comment below. Good luck!

References: Link to Snowflake online documentation

Debi Prasad Mishra

Engineer by Profession, Student by Passion. Working as a Senior Business Intelligence Engineer. Snowflake Data Superhero 2022-23