Part I: How to Effectively Share Data Using a Secure Data Share in Snowflake
Sharing is defined as “to use, occupy, or enjoy (something) jointly with another”. So, whether you’re a child sharing toys with a friend, or an organization looking into how to efficiently share secure data, effectively passing objects between others is a clear fact of life.
Organizations across the globe are in a constant battle to share data quickly. Since storage is cheap, one solution has always been to simply copy the data to anyone who needs it, thus creating data fragmentation throughout the organization – not to mention driving our security and compliance teams crazy. Snowflake offers a number of ways to directly share your data with others in a secure and governed manner by setting up a Secure Data Share.
The following steps will help walk you through how to leverage the Snowflake Secure Data Share for all of your private data-sharing needs, without building complex processes or copying any data. This feature is available on all Snowflake editions at no additional cost.
Step 1: Create an empty Share
For security purposes, you must be an Account Admin in order to create any share within Snowflake. Before setting up a Share it is important to ensure you are following internal security, compliance, and regulatory policies on the data you plan to Share.
Next, naming your share. Make sure to be consistent with any of your naming, an example could be using the suffix of “_s”. You can see the command create share which includes the name of our share called projects_s below.
Step 2: Add Objects to your Share by Granting Privileges
This Share will grant a real-time, read-only access into the data without any additional copying, so make sure to select the proper objects that you would like to share with your consumers. You are able to share an entire database, schema, or a specific object (such as a table or view).
As a best practice for any external shares, gather data into a single database and leverage secure view(s). Take into consideration that this may have some performance impacts, but as a result of creating these secure views, limits access to the consumers from viewing underlying tables and calculations (if this is a concern for you). When you are deciding whether to leverage a secure view of not, weigh the trade-off between data privacy/security and query performance. Now, add all of you objects to your share. Below are the commands to grant USAGE privilege to the database and schema you are going to share objects. Finally, you need to grant specific select privileges to the objects you would like to share.
Note: You cannot grant anything other than select on shares.
Step 3: Add one or more accounts to your new Share
The final step is to add consumers to the Share. As a provider of data, you can add specific Snowflake accounts to the Share or setup Reader Accounts. If you are sharing with other Snowflake users, keep in mind that data isn’t being copied and consumers are NOT paying for storage, however they do pay for compute within their accounts. If setup for a Reader Account is needed, additional steeps may be required.
When adding accounts, it’s good to first show all the grants currently assigned to the share. This way you can check that proper object sharing is happening before adding any consumers. Lastly, execute the alter share command and included the Snowflake accounts you would like to share with. The line below will show us all grants on our existing Share and provide access to account XXXX and YYYYY.
Note: Snowflake does support sharing across cloud platforms and regions as well if you need to share across cloud platforms where your source account is located. This does require a replication DB to be setup, however before doing so please confirm our organization does not have any legal or regulatory restrictions as to where your data can be transferred or hosted.
If you no longer want to share data with an account, simply remove the account from the Share.
Providing a clear walk through on how to effectively set up a secure Data Share within Snowflake is just one example of how Strive acts as a bridge between our clients and our channel partners. We’re able to facilitate relationship building and technical/digital expertise, while keeping our clients and their customers at the heart of all business decisions.
The technical steps outlined above hopefully shed light on just how impactful a Snowflake Data Share can be to organizations and individuals alike in their data needs. Snowflakes’ first-class platform distributes data in a secure and fast fashion, without creating additional data fragmentation. If only getting children to share video game consoles could be this easy!
Interested in sharing secure data with Snowflake? Let’s Talk!
Strive Consulting is a business and technology consulting firm, and proud partner of Snowflake, having direct experience with Snowflake. Our team of experts can work hand-in-hand with you to determine if leveraging the Secure Data Share is right for your organization. Check out Strive’s additional Snowflake thought leadership here.
Snowflake delivers the Data Cloud – a global network where thousands of organizations mobilize data with near-unlimited scale, concurrency, and performance. Inside the Data Cloud, organizations unite their siloed data, easily discover and securely share governed data, and execute diverse analytic workloads. Join the Data Cloud. Snowflake.com.