Snowflake

{Early Access Feature}

This Authorizer follows the SaaS Authorization Management pattern. For more information, see: SaaS Authorization Management.

SaaS Authorization Management provides out-of-the-box support to leading SaaS vendors like Snowflake. The Platform integrates with SaaS vendors to provide standardization and centralized Authorization management while supporting distributed deployment across the organization’s technology stack.
Integration with vendors is accomplished through Policy Orchestration which is configured to discover, map, and manage SaaS Vendor Authorization Policies by utilizing their native capabilities using available APIs.

About Snowflake

Snowflake offers cloud-based data storage data services that include processing and analytics. All data is maintained in database tables and grouped logically in one or more schemas.
Snowflake strongly suggests using row access policies and masking policies to achieve consistent security controls. Those methods are replacing older options of achieving the required security, such as secured views.
Following Snowflake's recommendations, PlainID's primary focus is on two types of policies:

• Masking policies
  • Tag (recommended)
  • Column - coming soon
• Row access policies (coming soon)

Snowflake Authorization Model

Flow description
To access a securable object, users should have privileges assigned to that object.
A user can obtain privileges to a securable object, either through a directly assigned role or through hierarchy of roles.
Assigned Policies (masking or row) are in effect once the user accesses (views) a securable object (database, schema, table, view).

Masking Policies

Masking Policies in Snowflake are used to protect sensitive data by selectively controlling access at the column level. These Policies apply dynamic masking, meaning they display different information based on the user's role and privileges. The key value of masking policies is to ensure data security, regulatory compliance, and privacy, while still allowing users to access necessary information without exposing sensitive data,

Row Access Policies

Row Access Policies in Snowflake control data access at the row level based on user roles or Attributes, allowing more granular security. These Policies restrict which rows a user can view or interact with, ensuring that only authorized users can access specific data. They are useful for enforcing data governance, meeting regulatory standards, and enhancing security by allowing fine-tuned access, especially for sensitive or restricted data. This helps organizations safeguard information while enabling secure data sharing and access management.