
Creating and managing shares in Snowflake - Mechanics & Internals

Overview - Creating and managing shares
What is it?
Creating and managing shares in Snowflake means setting up a way to safely share data between different accounts or organizations. A share is like a container that holds database objects such as tables or views that you want to share. Managing shares involves controlling who can see or use this data and updating the shared content as needed. This allows data to be shared without copying or moving it.
Why it matters
Without data sharing, organizations would need to copy data between systems, which is slow, costly, and risks data becoming outdated or inconsistent. Sharing data directly through shares saves time and storage, and keeps data fresh and secure. It enables collaboration and faster decision-making by giving others access to live data without losing control.
Where it fits
Before learning about shares, you should understand basic Snowflake concepts like databases, schemas, tables, and user roles. After mastering shares, you can explore advanced data sharing features like reader accounts, secure views, and cross-cloud sharing.
Mental Model
Core Idea
A Snowflake share is a secure, live window into your data that others can access without copying it.
Think of it like...
Imagine you have a photo album at home, and instead of giving someone the photos, you create a special album they can look at anytime but can’t take or change. That album is like a Snowflake share.
┌─────────────┐       ┌─────────────┐
│ Your Account│──────▶│ Share Object│
│ (Data Owner)│       │ (Container) │
└─────────────┘       └─────────────┘
                            │
                            ▼
                   ┌─────────────────┐
                   │ Consumer Account│
                   │ (Data Viewer)   │
                   └─────────────────┘
Build-Up - 7 Steps
1. Foundation: Understanding Snowflake Shares
Concept: Shares are objects that hold database objects to share with others.
In Snowflake, a share is a special object that contains references to tables, views, or secure views you want to share. It does not copy data but points to the live data in your account. You create a share and then add objects to it.
Result
You have a share object ready to give access to specific data without duplication.
Understanding that shares do not copy data but provide live access is key to efficient data sharing.
2. Foundation: Creating a Basic Share
Concept: How to create a share and add objects to it.
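Use the SQL command CREATE SHARE to make a new share. Then use GRANT ... TO SHARE to give the share usage on the database and schema and SELECT on the tables or views. For example:
CREATE SHARE my_share;
GRANT USAGE ON DATABASE my_db TO SHARE my_share;
GRANT USAGE ON SCHEMA my_db.my_schema TO SHARE my_share;
GRANT SELECT ON TABLE my_db.my_schema.my_table TO SHARE my_share;
This sets up a share with one table.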
Result
A share named 'my_share' exists with one table ready to be shared.
Knowing the commands to create and add objects to shares is the first step to sharing data.
3. Intermediate: Granting Access to Consumer Accounts
Before reading on: do you think granting access to a share requires copying data or just permissions? Commit to your answer.
Concept: Shares are granted to other Snowflake accounts by specifying their account identifiers.
After creating a share, you grant access to other accounts by adding their Snowflake account identifiers to the share. For example:
ALTER SHARE my_share ADD ACCOUNTS = consumer_account;
This lets the consumer account see the shared data without copying it.
Result
The consumer account can now access the shared data live from your account.
Understanding that sharing is about permissions, not data movement, helps prevent costly data duplication.
4. Intermediate: Managing Share Content Dynamically
Before reading on: do you think you must recreate shares to update shared data, or can you modify shares live? Commit to your answer.
Concept: Shares can be updated by adding or removing objects without recreating them.
You can add or remove tables and views from a share at any time by granting or revoking privileges on them. For example:
GRANT SELECT ON VIEW my_db.my_schema.my_view TO SHARE my_share; -- by default a share accepts only secure views
REVOKE SELECT ON TABLE my_db.my_schema.old_table FROM SHARE my_share;
This keeps the share content current without downtime.
Result
The share content changes immediately for all consumers.
Knowing that shares are dynamic allows flexible and continuous data sharing.
5. Intermediate: Using Secure Views in Shares
Concept: Secure views protect sensitive data when sharing.
Instead of sharing raw tables, you can create secure views that hide or mask sensitive columns, then share those views. For example:
CREATE SECURE VIEW my_db.my_schema.my_secure_view AS SELECT id, masked_ssn FROM my_db.my_schema.my_table;
GRANT SELECT ON VIEW my_db.my_schema.my_secure_view TO SHARE my_share;
This controls what data consumers see.
Result
Consumers access only the safe, masked data through the share.
Using secure views in shares enforces data privacy while enabling sharing.
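Steps 2 through 5 as one provider-side script, added here as an illustration and not taken from the original page. It reuses the page's names (my_share, my_db.my_schema.my_table, consumer_account); the ssn column, the masking expression, the consumer database name, and provider_account are assumptions.

```sql
-- Added example: provider-side setup for steps 2-5.
-- Assumes my_db.my_schema.my_table has columns id and ssn (constructed schema).

-- Column-level protection: expose only a masked form of ssn.
CREATE OR REPLACE SECURE VIEW my_db.my_schema.my_secure_view AS
SELECT id,
       'XXX-XX-' || RIGHT(ssn, 4) AS masked_ssn
FROM my_db.my_schema.my_table;

-- An empty share: a named container with no objects and no consumers yet.
CREATE SHARE my_share COMMENT = 'Masked data for consumer_account';

-- A share needs USAGE on the containing database and schema
-- before any object inside them can be exposed through it.
GRANT USAGE ON DATABASE my_db TO SHARE my_share;
GRANT USAGE ON SCHEMA my_db.my_schema TO SHARE my_share;

-- Share the secure view only; the base table is never granted to the share.
GRANT SELECT ON VIEW my_db.my_schema.my_secure_view TO SHARE my_share;

-- Review exactly what the share exposes before adding any consumer.
SHOW GRANTS TO SHARE my_share;

-- Make the share visible to the consumer account.
ALTER SHARE my_share ADD ACCOUNTS = consumer_account;

-- Confirm which accounts the share has been granted to.
SHOW GRANTS OF SHARE my_share;

-- Later changes take effect without recreating the share (step 4):
-- REVOKE SELECT ON VIEW my_db.my_schema.my_secure_view FROM SHARE my_share;
-- ALTER SHARE my_share REMOVE ACCOUNTS = consumer_account;

-- Consumer side, run in consumer_account: mount the share as a read-only
-- database. provider_account is a placeholder for the provider's identifier.
-- CREATE DATABASE shared_customers FROM SHARE provider_account.my_share;
```

Running SHOW GRANTS TO SHARE before ALTER SHARE ... ADD ACCOUNTS gives a review point: if a base table appears in that output, consumers would be able to read its unmasked columns.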
6. Advanced: Cross-Cloud and Cross-Region Sharing
Before reading on: do you think shares work only within the same cloud or region? Commit to your answer.
Concept: Snowflake shares can share data across different cloud providers and regions seamlessly.
Snowflake supports sharing data between accounts on different clouds (AWS, Azure, GCP) and regions. This means your share can be accessed by consumers anywhere without moving data physically. Snowflake handles the complexity behind the scenes.
Result
Data sharing works globally with low latency and no manual data transfer.
Understanding cross-cloud sharing reveals Snowflake’s power to unify data access worldwide.
7. Expert: Reader Accounts for External Consumers
Before reading on: do you think external users always need their own Snowflake account to access shares? Commit to your answer.
Concept: Reader accounts let you provide data access to users without Snowflake accounts by creating managed accounts for them.
A reader account is a special Snowflake account created and managed by the data provider. You create a reader account and grant it access to your share. External users connect to this reader account to see shared data without needing their own Snowflake subscription.
Result
You can share data with external users easily and control their access centrally.
Knowing about reader accounts expands sharing possibilities to users outside your organization.
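The reader account lifecycle from step 7, as an added example that is not part of the original page. The names partner_reader, partner_admin, shared_data, reader_wh and analyst are hypothetical, and the values in angle brackets are placeholders to fill in.

```sql
-- Added example: reader account lifecycle. Names are hypothetical.

-- 1. Provider: create the managed (reader) account.
CREATE MANAGED ACCOUNT partner_reader
    ADMIN_NAME = partner_admin,
    ADMIN_PASSWORD = '<strong-password-placeholder>',
    TYPE = READER;
-- The statement returns the new account's locator and login URL.

-- 2. Provider: list managed accounts and add the reader to the share.
SHOW MANAGED ACCOUNTS;
ALTER SHARE my_share ADD ACCOUNTS = <reader_locator>;

-- 3. Inside the reader account, logged in as partner_admin:
--    mount the share, then give end users a role limited to reading it.
CREATE DATABASE shared_data FROM SHARE <provider_account>.my_share;

-- Compute used here is billed to the provider, so keep it small
-- and suspend it quickly when idle.
CREATE WAREHOUSE reader_wh WAREHOUSE_SIZE = XSMALL AUTO_SUSPEND = 60;

CREATE ROLE analyst;
GRANT IMPORTED PRIVILEGES ON DATABASE shared_data TO ROLE analyst;
GRANT USAGE ON WAREHOUSE reader_wh TO ROLE analyst;

-- 4. Provider: offboard the external consumer.
ALTER SHARE my_share REMOVE ACCOUNTS = <reader_locator>;
DROP MANAGED ACCOUNT partner_reader;
```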
Under the Hood
Shares in Snowflake are metadata objects that reference live database objects. When a share is created, it stores pointers to tables or views but does not duplicate data. When a consumer accesses a share, Snowflake uses secure, internal network connections to provide live query access to the data in the provider’s account. Permissions control what the consumer can see. Snowflake’s architecture separates storage and compute, so data remains in one place while multiple accounts can query it.
Why designed this way?
Snowflake designed shares to avoid data duplication and synchronization problems common in traditional data sharing. By sharing live data references, they reduce storage costs and ensure data freshness. The separation of storage and compute allows secure, scalable sharing across accounts and clouds. Alternatives like copying data were slower, costly, and risked stale data.
┌───────────────┐       ┌───────────────┐       ┌───────────────┐
│ Provider      │       │ Share Object  │       │ Consumer      │
│ Account       │──────▶│ (Metadata)    │──────▶│ Account       │
│ (Data Owner)  │       │ References to │       │ (Data Viewer) │
│ Storage Layer │       │ Tables/Views  │       │ Query Access  │
└───────────────┘       └───────────────┘       └───────────────┘
Myth Busters - 4 Common Misconceptions
Quick: Does creating a share copy the data to the consumer account? Commit to yes or no.
Common Belief: Creating a share copies the data to the consumer account for them to use.
Reality: Shares only provide live access to data; no data is copied or moved.
Why it matters: Believing data is copied can lead to unnecessary storage costs and confusion about data freshness.
Quick: Can you share data with users who don’t have Snowflake accounts? Commit to yes or no.
Common Belief: You must have a Snowflake account to access shared data.
Reality: Reader accounts allow sharing data with users without their own Snowflake accounts.
Why it matters: Not knowing about reader accounts limits sharing options and complicates external collaboration.
Quick: Do shares require recreating to update shared data? Commit to yes or no.
Common Belief: You must recreate shares to add or remove shared objects.
Reality: Shares can be updated dynamically without recreation.
Why it matters: Thinking shares are static leads to inefficient workflows and downtime.
Quick: Are shares limited to the same cloud provider or region? Commit to yes or no.
Common Belief: Shares only work within the same cloud or region.
Reality: Snowflake supports cross-cloud and cross-region sharing seamlessly.
Why it matters: Assuming cloud or region limits restricts design choices and collaboration.
Expert Zone
1. Shares do not grant direct access to underlying tables; consumers access data only through the share’s permissions and objects.
2. Secure views in shares can enforce row-level and column-level security, adding fine-grained control over shared data.
3. Reader accounts incur costs on the provider side, so managing them carefully is important to control expenses.
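Row-level security through a shared secure view (point 2 above), as an added example that is not from the original page. The orders table, the share_entitlements mapping table, and the account names CONSUMER_A and CONSUMER_B are constructed for illustration.

```sql
-- Added example: one secure view, different rows per consumer account.
-- Assumed (constructed) table: my_db.my_schema.orders(order_id, region, amount).

-- Mapping of which consumer account may see which region.
-- This table is NOT granted to the share; only the view is.
CREATE TABLE IF NOT EXISTS my_db.my_schema.share_entitlements (
    region           STRING,
    consumer_account STRING   -- the value CURRENT_ACCOUNT() returns for that consumer
);

INSERT INTO my_db.my_schema.share_entitlements VALUES
    ('EMEA', 'CONSUMER_A'),   -- constructed sample rows
    ('APAC', 'CONSUMER_B');

-- CURRENT_ACCOUNT() is evaluated for the account running the query,
-- so each consumer sees only the rows mapped to it.
CREATE OR REPLACE SECURE VIEW my_db.my_schema.orders_by_consumer AS
SELECT o.order_id, o.region, o.amount
FROM my_db.my_schema.orders o
JOIN my_db.my_schema.share_entitlements e
  ON e.region = o.region
WHERE e.consumer_account = CURRENT_ACCOUNT();

GRANT SELECT ON VIEW my_db.my_schema.orders_by_consumer TO SHARE my_share;

-- Provider-side test before any consumer is added: impersonate a consumer
-- for this session and check that only its regions come back.
ALTER SESSION SET SIMULATED_DATA_SHARING_CONSUMER = 'CONSUMER_A';

SELECT region, COUNT(*) AS visible_rows
FROM my_db.my_schema.orders_by_consumer
GROUP BY region;              -- expect only EMEA for CONSUMER_A

ALTER SESSION UNSET SIMULATED_DATA_SHARING_CONSUMER;
```

An account with no row in share_entitlements gets an empty result, so the view fails closed when a new consumer is added to the share before its mapping exists.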
When NOT to use
Avoid using shares when data must be transformed heavily before sharing or when consumers need write access. In such cases, consider data pipelines or ETL processes to create separate datasets. Also, for very large or sensitive data, offline data transfer or dedicated data marketplaces might be better.
Production Patterns
In production, organizations use shares to provide live data feeds to partners, vendors, or internal teams. They combine shares with secure views to protect sensitive information. Reader accounts are used to onboard external clients without requiring Snowflake licenses. Cross-cloud sharing enables multi-cloud strategies and disaster recovery setups.
Connections
Access Control Lists (ACLs)
Shares use permission models similar to ACLs to control who can see data.
Understanding ACLs helps grasp how shares enforce security by granting usage rights to specific accounts.
Content Delivery Networks (CDNs)
Shares deliver live data access like CDNs deliver cached content, but shares provide live, not cached, data.
Comparing shares to CDNs highlights the difference between live data sharing and static content distribution.
Library Book Lending
Sharing data via shares is like lending books from a library without giving them away permanently.
This cross-domain link shows how temporary, controlled access can be managed without losing ownership.
Common Pitfalls
#1 Sharing data by copying tables to consumer accounts manually.
Wrong approach: CREATE TABLE consumer_db.shared_table AS SELECT * FROM provider_db.original_table;
Correct approach: CREATE SHARE my_share; GRANT USAGE ON DATABASE provider_db TO SHARE my_share; GRANT USAGE ON SCHEMA provider_db.schema TO SHARE my_share; GRANT SELECT ON TABLE provider_db.schema.original_table TO SHARE my_share; ALTER SHARE my_share ADD ACCOUNTS = consumer_account;
Root cause: Misunderstanding that shares provide live access and thinking data must be duplicated.
#2 Granting share access without specifying the consumer account.
Wrong approach: GRANT USAGE ON SHARE my_share TO ROLE some_role;
Correct approach: ALTER SHARE my_share ADD ACCOUNTS = consumer_account;
Root cause: Confusing role-based permissions with account-level sharing permissions.
#3 Assuming shares automatically update consumer access when objects change without altering the share.
Wrong approach: ALTER TABLE provider_db.schema.new_table ADD COLUMN new_col STRING; -- expecting consumers to see new_table without adding it to the share
Correct approach: GRANT SELECT ON TABLE provider_db.schema.new_table TO SHARE my_share;
Root cause: Not realizing shares only expose objects explicitly added to them.
Key Takeaways
Snowflake shares provide live, secure access to data without copying it, saving storage and ensuring freshness.
Shares are metadata containers that reference database objects and control who can access them across accounts.
You can update shares dynamically by adding or removing objects, making data sharing flexible and continuous.
Reader accounts enable sharing with users who do not have Snowflake accounts, expanding collaboration possibilities.
Snowflake supports cross-cloud and cross-region sharing, allowing global data access without manual data movement.