Snowflake is one of the most popular cloud-based data platforms in the world, known for its scalability and ability to handle large volumes of data while eliminating a lot of admin work.
But one of the biggest challenges in any data platform is maintaining least privilege through fine-grained access control policies.
In recent years, Snowflake has significantly expanded its data governance capabilities with the introduction of Snowflake Horizon. However, Snowflake is not an all-in-one solution when it comes to self-service data access, especially when applied to multiple data stores and cloud platforms.
What is self-service data access?
To answer this question, it’s easiest to start with what self-service data access is not. Data and security teams often face the conundrum of keeping customer data secure and in line with compliance requirements while giving data users access to the data they need to do their jobs.
Organizations that don’t have an automated process for administering data access tend to fall on either side of the spectrum – either data access is locked behind layers of red tape, or access is a free-for-all but data security is compromised.
Self-service data access, if done correctly, is an elegant way to solve this problem. Admins grant data users access to defined datasets based on their role or attributes such as geographical location or clearance level. Data users get access to an inventory of all data they have or could request access to (in Satori, this is a personalized portal). They then can request access to a dataset, which may be granted automatically on a temporary basis, or sent for approval to a list of preconfigured data access approvers.
Combining Satori’s self-service data access with Snowflake’s intuitive interface and powerful features, users can easily and securely determine what datasets they have available, and explore, query, and analyze data to gain valuable insights and make informed decisions.
The main benefits to using self-service data access include:
- Accelerate data-driven value. The ability to rely on automated workflows ensures that data users get immediate access to data. Based on preconfigured security policies, access to data is either granted or withheld and the relevant security policies (such as dynamic data masking, attribute-based access controls, or row-level security) are applied.
- Reduce the resource burden on security and data engineering. The process of manual data access tickets drains resources and often absorbs a large portion of engineering teams’ time. This is frustrating for teams that would prefer to work on core projects. It’s also frustrating for the business, which gets less core value from these teams. Relying on automated data access workflows reduces the burdens on engineers and enables them to work on their own productive core projects.
Next, we’ll outline how Snowflake users can use Satori’s self-service data access.
Satori’s self-service data access portal and Snowflake
It all starts with Satori’s personal data portal, or through platforms like Slack, Jira, and Salesforce. Snowflake users can go into their data portal and observe the available datasets. They can then select their desired dataset and gain access to it immediately. Satori dynamically applies security policies according to the organization’s security requirements (such as masking data, temporary access to data, and attribute-based access control).
In this example, the user chooses the desired dataset, Snowflake Patient Data, and can see that it has been set up with Self-Service, Read-Only access with the PHI Patient Data security profile.
As an added layer of security against over-privileged users, this access has a 15-minute limit, after which it is revoked.
The data portal shows the user how to access the data by providing the information needed to connect, including hostname, database, and user credentials.
The Snowflake user is now all set and can begin using the Snowflake Patient Dataset to generate business insights.
Save engineering resources
From the perspective of security and data engineering teams, using self-service data access allows them to set security policies once and not need to “babysit” them afterward. Moving from manual ticketing to an automated workflow reduces the burden and allows teams to work productively on their core projects.
The admin now configures a self-service workflow for a user (or user group), Guy Demo, who gets read-only access for 15 minutes.
The admin has generated an automated self-service workflow for this user and no longer needs to manually grant access to data.
The “Guy Demo” user can now access this dataset on their own.
Once Guy Demo completes the self-service data access process and gains access to Snowflake Patient Data, the 15-minute timer begins. This timer and all active self-service access are visible to the admin through the Access Manager screen.
The admin also has the ability to view all access rules, including the user, access control, permissions, datasets, expiration, and security policies.
The security team can now continue working on their core projects instead of granting and revoking permissions.
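A minimal model of the workflow described above (self-service request, automatic time-limited grant or routing to approvers, expiry, and the admin's view of active access), added here as an illustration; it is not Satori's or Snowflake's code or API. The class and method names are hypothetical, and the "Billing Records" policy is constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class DatasetPolicy:
    name: str
    self_service: bool      # True: grant automatically; False: route to approvers
    permission: str         # "read-only" or "read-write"
    ttl: timedelta          # lifetime of a grant
    security_profile: str   # masking / row-level profile applied to queries
    approvers: tuple = ()

@dataclass(frozen=True)
class Grant:
    user: str
    policy: DatasetPolicy
    expires_at: datetime

class AccessManager:
    def __init__(self, policies):
        self.policies = {p.name: p for p in policies}
        self.grants, self.pending = [], []
    def request(self, user, dataset, now):
        """Auto-grant with an expiry, or queue for approvers and return None."""
        policy = self.policies[dataset]
        if not policy.self_service:
            self.pending.append((user, dataset, policy.approvers))
            return None
        grant = Grant(user, policy, now + policy.ttl)
        self.grants.append(grant)
        return grant
    def active(self, now):
        """Prune expired grants; the remainder is the admin's overview."""
        self.grants = [g for g in self.grants if g.expires_at > now]
        return list(self.grants)
    def is_allowed(self, user, dataset, action, now):
        """Deny by default; allow only an unexpired grant covering the action."""
        needed = {"read": {"read-only", "read-write"}, "write": {"read-write"}}
        return any(g.user == user and g.policy.name == dataset
                   and g.policy.permission in needed.get(action, ())
                   for g in self.active(now))

# Constructed policies: the first uses the page's example values, the second is invented.
POLICIES = [
    DatasetPolicy("Snowflake Patient Data", True, "read-only",
                  timedelta(minutes=15), "PHI Patient Data"),
    DatasetPolicy("Billing Records", False, "read-only",
                  timedelta(hours=1), "Finance", approvers=("data-owner",)),
]
```

Expiry is checked on every authorization decision rather than by a background job alone, so a grant stops working at its deadline even if cleanup is delayed.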
Conclusion
Satori’s self-service data access enables data users to get access to analytic and production datasets quickly, easily, and securely. By eliminating bottlenecks and reducing the dependency on technical resources, self-service data access enables users to be more agile and responsive when using Snowflake. By democratizing data access, you empower individuals across the organization to harness the full potential of data, driving innovation and accelerating business growth.
To learn more about using Satori’s self-service data access on Snowflake data, book a demo with one of our experts.