Understand the different access control paradigms available in the Snowflake Data Cloud and learn how to implement access control in support of data privacy and compliance with regulations such as GDPR, APPI, CCPA, and SOX. The information in this book will help you and your organization adhere to privacy requirements that are important to consumers and becoming codified in the law. You will learn to protect your valuable data from those who should not see it while making it accessible to the analysts whom you trust to mine the data and create business value for your organization.

Snowflake is increasingly the choice for companies looking to move to a data warehousing solution, and security is an increasing concern due to recent high-profile attacks. This book shows how to use Snowflake's wide range of features that support access control, making it easier to protect data access from the data origination point all the way to the presentation and visualization layer. Reading this book helps you embrace the benefits of securing data and provide valuable support for data analysis while also protecting the rights and privacy of the consumers and customers with whom you do business.

What You Will Learn

• Identify data that is sensitive and should be restricted
• Implement access control in the Snowflake Data Cloud
• Choose the right access control paradigm for your organization
• Comply with CCPA, GDPR, SOX, APPI, and similar privacy regulations
• Take advantage of recognized best practices for role-based access control
• Prevent upstream and downstream services from subverting your access control
• Benefit from access control features unique to the Snowflake Data Cloud

Table of Contents

Part I: Background

Chapter 1: What Is Access Control?

Chapter 2: Data Types Requiring Access Control

Chapter 3: Data Privacy Laws and Regulatory Drivers

Chapter 4: Permission Types

Part II: Creating Roles

Chapter 5: Functional Roles: What a Person Does

Chapter 6: Team Roles: Who a Person Is

Chapter 7: Assuming a Primary Role

Chapter 8: Secondary Roles

Part Ill: Granting Permissions to Roles

Chapter 9: Role Inheritance

Chapter 10: Account- and Database-Level Privileges

Chapter 11: Schema-Level Privileges

Chapter 12: Table- and View-Level Privileges

Chapter 13: Row-Level Permissioning and Fine-Grained Access Control

Chapter 14: Column-Level Permissioning and Data Masking

Part IV: Operationally Managing Access Control

Chapter 15: Secure Data Sharing

Chapter 16: Separating Production from Development

Chapter 17: Upstream and Downstream Services

Chapter 18: Managing Access Requests

About the Author

​Jessica Megan Larson was born and raised in a small town across the Puget Sound from Seattle, but now calls Oakland, California home. She studied cognitive science with a minor in computer science at University of California Berkeley. She thrives on mentorship, solving data puzzles, and equipping colleagues with new technical skills. Jessica is passionate about helping women and non-binary people find their place in the technology industry. She was the first engineer within the Enterprise Data Warehouse team at Pinterest, and additionally helps to develop fantastic women through Built By Girls. Previously, she wrangled data at Eaze and Flexport. Outside of work, Jessica spends her time soaking up the California sun playing volleyball on the beach or at the park.