\ Doug Kachlesmuss, Author at Strive Consulting, LLC. All Rights Reserved.

Part II: How to Effectively Share Snowflake Data with Non-Snowflake Users

Have you ever been asked to share information with a client or customer, while having to support various cloud platforms? Can this be done efficiently, and most importantly, effectively? In our previous publication around how to effectively share data, Strive walked through a step by step guide in how to utilize the Snowflake Secure Data Share. But what if you’re not a Snowflake customer? Don’t worry… we’ve got you covered.

Did you know that within Snowflake, you can setup a data share with other Snowflake customers, as well as with non-Snowflake customers? If you are looking to create a share with other Snowflake customers, then you’re in luck! We’ll outline the simple steps it takes to not only share with Snowflake Customers, but also dive into solutions needed to span across non-Snowflake customers, and additionally across various cloud platforms.

First: Ground Rules and Limitations

Let’s discuss some ground rules and limitations while creating a share within Snowflake for non-Snowflake customers.

  1. When sharing a database or any other object, the share is read only. This means the consumers cannot update, delete, or create new objects in the share.
  2. Time travel and cloning are not supported on shared databases, nor any other schema/tables within the shared database.
  3. Re-sharing a share is not permitted by consumers for security reasons.

Let’s look at an example

Let’s say you were asked to share sales information to various internal and external data consumers with the following requirements:

  • Data needs to be secure to all target consumers, regardless of data or cloud platform.
  • Each consumer should only see the data to which they have access.
  • Data should be up-to-date and accurate.

Here is an excellent opportunity to leverage a Reader Account within Snowflake. What is a Reader Account? A Reader Account allows you, as a Data Provider, to share data with non-Snowflake consumers. It’s not entirely free lunch as, unlike a direct share where the consumers pay for the compute on the data share, Reader Accounts are owned by the Data Producer, and the Producer’s account pays for the compute used.

A common question asked is, “Do consumers who use the Reader Account have access to other objects that are not shared?” The answer is no. Think of a Reader Account as a sub account that only has permissions to objects that have been shared AND, as the name insinuates, Readers Accounts cannot make changes to any shared objects.

Now, lets setup a Reader Account:

Step 1: Create Reader Account

Results:

Note:

  • The reader account used in the command (reader_sales) is not the name you use to actually access the account. The account name is also known as a locator, and is generated by Snowflake during account creation (QR18951 in this example)
  • The reader account created will leverage the exact same Snowflake Edition as the provider has and is provisioned in the same region as the provider, as well.
  • There is an initial limit of 20 reader accounts that a given provider can create. If you need more than that, just simply reach out to Snowflake Support.

Step 2: Login and Setup

Login using the credentials that were setup for the Reader Account in the earlier step. If additional security is needed to set up within a share, Data Provider would be selected. You can also select Data Consumer in order to view personal shares.

Let’s now setup our users

In this example, this will consist of all our sales users.

Step 3: Setup Users

As an Account Admin, within your Reader Account, you can setup users that will have access to the shares and should then grant assigned roles as well. Keep in mind, the Reader Account has SYSADMIN, PUBLIC, and SECURITYADMIN, and any other roles can be created.

Step 4: Create Warehouse

In the command below, a new warehouse is being created called sales_reader_wh as an XSmall.

Step 5: Create a Database based on the Share

Now that we have users created, and our warehouse set up, we must create a database based on the share from the provider account. Let’s say the provider account that granted the share and Reader Account is j44789 and the share is called ‘sales_share’.

Step 6: Setup all Access Privilege

Once our database is created from the share, we should grant access needed for the different roles. You must make sure to do a couple of things to allow the data to be queried:

  • Grant usage on the data warehouse (sales_reader_wh)
  • Grant imported privileges on the database created based on the share.

Outside of this, privileges can be added or removed as needed.

See how quick and simple that was?

Snowflake allows us to simply create managed Reader Accounts. From there, login to the Reader Account, create users, warehouses, databases from shares, grant privileges, etc. With just a few command statements, a Reader Account can be accessed by the users and the Account Admin of the Reader Account can grant access as needed to certain roles. Additionally, it’s highly recommended to setup resource monitors in order to limit credits used on your account. The Account Admin can create monitors which can limit the number of credits used by Reader Accounts, or even suspend a warehouse once a percentage of credits is used.

Using Snowflake, this can all be done in a matter of minutes and allows ease of access to sales data for both internal and external vendors. Leveraging such a powerful tool, we can now setup data shares to both consumers and Reader Accounts, as well. Strive is proud to partner with Snowflake to help organizations unlock true business value and help businesses get, and share, the data they need.

Interested in sharing secure data with without Snowflake?

Strive Consulting is a business and technology consulting firm, and proud partner of Snowflake, having direct experience with Snowflake Data Share. Our team of experts can work hand-in-hand with you to determine if leveraging the Secure Data Share is right for your organization. Check out Strive’s additional Snowflake thought leadership here.

About Snowflake

Snowflake delivers the Data Cloud – a global network where thousands of organizations mobilize data with near-unlimited scale, concurrency, and performance. Inside the Data Cloud, organizations unite their siloed data, easily discover and securely share governed data, and execute diverse analytic workloads. Join the Data Cloud. Snowflake.com.

Categories: blog, Data, Data & Analytics, Snowflake, Thought Leadership

Part I: How to Effectively Share Data Using a Secure Data Share in Snowflake

Sharing is defined as “to use, occupy, or enjoy (something) jointly with another”. So, whether you’re a child sharing toys with a friend, or an organization looking into how to efficiently share secure data, effectively passing objects between others is a clear fact of life.

Organizations across the globe are in a constant battle to share data quickly. Since storage is cheap, one solution has always been to simply copy the data to anyone who needs it, thus creating data fragmentation throughout the organization – not to mention driving our security and compliance teams crazy. Snowflake offers a number of ways to directly share your data with others in a secure and governed manner by setting up a Secure Data Share.

The following steps will help walk you through how to leverage the Snowflake Secure Data Share for all of your private data-sharing needs, without building complex processes or copying any data. This feature is available on all Snowflake editions at no additional cost.

Step 1: Create an empty Share

For security purposes, you must be an Account Admin in order to create any share within Snowflake. Before setting up a Share it is important to ensure you are following internal security, compliance, and regulatory policies on the data you plan to Share.

Next, naming your share. Make sure to be consistent with any of your naming, an example could be using the suffix of “_s”. You can see the command create share which includes the name of our share called projects_s below.

Data Share name

Step 2: Add Objects to your Share by Granting Privileges

This Share will grant a real-time, read-only access into the data without any additional copying, so make sure to select the proper objects that you would like to share with your consumers. You are able to share an entire database, schema, or a specific object (such as a table or view).

As a best practice for any external shares, gather data into a single database and leverage secure view(s). Take into consideration that this may have some performance impacts, but as a result of creating these secure views, limits access to the consumers from viewing underlying tables and calculations (if this is a concern for you). When you are deciding whether to leverage a secure view of not, weigh the trade-off between data privacy/security and query performance. Now, add all of you objects to your share. Below are the commands to grant USAGE privilege to the database and schema you are going to share objects. Finally, you need to grant specific select privileges to the objects you would like to share.

Usage

usage

Note: You cannot grant anything other than select on shares.

Step 3: Add one or more accounts to your new Share

The final step is to add consumers to the Share. As a provider of data, you can add specific Snowflake accounts to the Share or setup Reader Accounts. If you are sharing with other Snowflake users, keep in mind that data isn’t being copied and consumers are NOT paying for storage, however they do pay for compute within their accounts. If setup for a Reader Account is needed, additional steeps may be required.

When adding accounts, it’s good to first show all the grants currently assigned to the share. This way you can check that proper object sharing is happening before adding any consumers. Lastly, execute the alter share command and included the Snowflake accounts you would like to share with. The line below will show us all grants on our existing Share and provide access to account XXXX and YYYYY.

Note: Snowflake does support sharing across cloud platforms and regions as well if you need to share across cloud platforms where your source account is located. This does require a replication DB to be setup, however before doing so please confirm our organization does not have any legal or regulatory restrictions as to where your data can be transferred or hosted.

If you no longer want to share data with an account, simply remove the account from the Share.

Wrapping Up

Providing a clear walk through on how to effectively set up a secure Data Share within Snowflake is just one example of how Strive acts as a bridge between our clients and our channel partners. We’re able to facilitate relationship building and technical/digital expertise, while keeping our clients and their customers at the heart of all business decisions.

The technical steps outlined above hopefully shed light on just how impactful a Snowflake Data Share can be to organizations and individuals alike in their data needs. Snowflakes’ first-class platform distributes data in a secure and fast fashion, without creating additional data fragmentation. If only getting children to share video game consoles could be this easy!

Interested in sharing secure data with Snowflake? Let’s Talk!

Strive Consulting is a business and technology consulting firm, and proud partner of Snowflake, having direct experience with Snowflake. Our team of experts can work hand-in-hand with you to determine if leveraging the Secure Data Share is right for your organization. Check out Strive’s additional Snowflake thought leadership here.

About Snowflake

Snowflake delivers the Data Cloud – a global network where thousands of organizations mobilize data with near-unlimited scale, concurrency, and performance. Inside the Data Cloud, organizations unite their siloed data, easily discover and securely share governed data, and execute diverse analytic workloads. Join the Data Cloud. Snowflake.com.

Categories: blog, Data, Data & Analytics, Snowflake, Thought Leadership
/chroot/home/striveco/striveconsulting.com/html/wp-content/themes/starting-point/resources/views/index.blade.php