0
0
Snowflakecloud~10 mins

Secure data sharing basics in Snowflake - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Process Flow - Secure data sharing basics
Create Data Provider Account
Create Share Object
Add Database Objects to Share
Grant Access to Consumer Account
Consumer Accesses Shared Data
Data Remains in Provider Account
End
This flow shows how a data provider creates a share, adds data, grants access, and the consumer accesses data without copying it.
Execution Sample
Snowflake
CREATE SHARE my_share;
GRANT USAGE ON DATABASE my_db TO SHARE my_share;
GRANT SELECT ON ALL TABLES IN SCHEMA my_db.public TO SHARE my_share;
ALTER SHARE my_share ADD ACCOUNTS = ('consumer_account');
This code creates a share, grants access to a database and tables, and allows a consumer account to access the shared data.
Process Table
StepActionObject AffectedResultNotes
1CREATE SHARE my_shareShare object 'my_share'Share createdReady to add data and consumers
2GRANT USAGE ON DATABASE my_db TO SHARE my_shareDatabase 'my_db'Share can use databaseAllows access to database metadata
3GRANT SELECT ON ALL TABLES IN SCHEMA my_db.public TO SHARE my_shareTables in schema 'my_db.public'Share can read tablesAllows consumer to query tables
4ALTER SHARE my_share ADD ACCOUNTS = ('consumer_account')Share 'my_share'Consumer account addedConsumer can now access shared data
5Consumer queries shared dataShared tablesData accessed successfullyNo data copied, live access
6Provider updates dataTables in 'my_db.public'Consumer sees updated dataSharing reflects live data changes
7Consumer tries to modify dataShared tablesAccess deniedConsumer has read-only access
8End-Sharing setup completeSecure, live data sharing without duplication
💡 Sharing ends when consumer access is revoked or share is dropped
Status Tracker
VariableStartAfter Step 1After Step 2After Step 3After Step 4After Step 5Final
my_shareNoneCreatedGranted DB usageGranted SELECT on tablesConsumer addedConsumer accesses dataActive and shared
consumer_account_accessNoNoNoNoYesYesYes
data_locationProvider onlyProvider onlyProvider onlyProvider onlyProvider onlyProvider onlyProvider only
Key Moments - 3 Insights
Why doesn't the consumer get a copy of the data?
Because the share provides live access to the provider's data without copying it, as shown in step 5 of the execution_table.
Can the consumer modify the shared data?
No, the consumer has read-only access. Step 7 shows that modification attempts are denied.
What happens if the provider updates the data?
The consumer sees the updated data immediately, as shown in step 6, because sharing is live and not a snapshot.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table, at which step is the consumer account granted access to the share?
AStep 2
BStep 3
CStep 4
DStep 5
💡 Hint
Check the 'Action' column for when consumer_account is added to the share.
According to variable_tracker, what is the state of 'data_location' after step 5?
AProvider only
BCopied to consumer
CShared and copied
DDeleted
💡 Hint
Look at the 'data_location' row and its value after step 5.
If the provider revokes consumer access, which step in execution_table would change?
AStep 6
BStep 4
CStep 7
DStep 5
💡 Hint
Access is granted or revoked in the step where consumer_account is added or removed.
Concept Snapshot
Secure Data Sharing in Snowflake:
- Create a SHARE object.
- Grant USAGE on database and SELECT on tables to the share.
- Add consumer accounts to the share.
- Consumers get live, read-only access without data copying.
- Provider controls data and updates are instantly visible.
- Sharing ends when access is revoked or share is dropped.
Full Transcript
Secure data sharing in Snowflake starts with the provider creating a share object. The provider grants usage on the database and select permissions on tables to this share. Then, the provider adds consumer accounts to the share, allowing them to access the data. The consumer can query the shared data live without copying it. The provider retains control and can update data, which the consumer sees immediately. Consumers have read-only access and cannot modify the data. Sharing ends when the provider revokes access or drops the share.