The access control privileges of Snowflake define who is allowed for accessing and performing any operation on particular object in Snowflake.
The Framework of Access Control
The approach of Snowflake about access control includes the factors from the following number of models:
- Discretionary Access Control: Every object is owned by an individual, who has the control over granting the access to any object.
- Role-based Access Control: Snowflake access control privileges are allocated to Snowflake roles that are finally allocated to the different users.
The major ideas to understand Snowflake access control are:
- Securable object: The owner can grant the access to the objects. If not enabled by the grant, the access will be block.
- Role: The owner can grant the privileges to the roles. Consecutively, the roles are allocated to the different users. A role can be allocated also to another role, making a hierarchy of role.
- Privilege: It is the access level that an owner can grant to any object. More than one different privilege can be considered to manage the access’ granularity.
- User: It can be any individual or any tool acknowledged by Snowflake.
In the model of Snowflake, the owner allows the access to any secure object by means of privileges allocated to any role, which is consecutively allocated to another role or user. Moreover, every secure object is owned by an owner which has the ability for granting the access to another role. Such model is not same as of a user-based model of access control where the any right and privilege is allocated to the users. The model of Snowflake is developed to give a considerable level of flexibility and control.
The securable objects reside in a logical stack in an order of stacks. Top-most stack is account of customer. All other objects are stacked in SCHEMA object.