
Share security and governance in Snowflake - Commands & Configuration

Introduction
Sharing data securely means controlling who can see and use your data. Governance helps you set rules so data is safe and used properly when shared.
Typical situations:
When you want to share specific data with another team without giving full access to your database
When you need to control who can query or modify shared data
When you want to audit who accessed shared data for compliance
When you want to share data across different Snowflake accounts securely
When you want to enforce policies on shared data usage
Commands
Create a new share object to hold the data you want to share securely.
Terminal
CREATE SHARE my_share;
Expected Output
No output (command runs silently)
Allow the share to access the database you want to share data from.
Terminal
GRANT USAGE ON DATABASE my_database TO SHARE my_share;
Expected Output
No output (command runs silently)
Allow the share to read all tables in the specified schema.
Terminal
GRANT SELECT ON ALL TABLES IN SCHEMA my_database.public TO SHARE my_share;
Expected Output
No output (command runs silently)
Specify which Snowflake accounts can access the shared data.
Terminal
ALTER SHARE my_share ADD ACCOUNTS = account1, account2;
Expected Output
No output (command runs silently)
List all shares you have created to verify your share exists and is configured.
Terminal
SHOW SHARES;
Expected Output
name      database_name  owner     created_on
my_share  my_database    SYSADMIN  2024-06-01 12:00:00
Key Concept

If you remember nothing else from this pattern, remember: create a share, grant access to data, and specify who can use the share to keep data secure.

Common Mistakes
Not granting USAGE on the database to the share
The share cannot access any data without database usage permission, so sharing fails silently.
Always grant USAGE on the database to the share before granting table access.
Forgetting to add target accounts to the share
No accounts can access the share if none are added, so data is not shared.
Use ALTER SHARE to add the correct Snowflake account names allowed to access the share.
Granting too many privileges like MODIFY or OWNERSHIP
This can expose data to unwanted changes and breaks governance rules.
Only grant SELECT and USAGE privileges needed for read-only sharing.
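A least-privilege review of the share built above, covering the mistakes in this section. This is an added example, not part of the original page; my_database, my_share and account2 are the page's placeholder names, while the orders table, its columns and the orders_shared view are hypothetical.

```sql
-- Added example. Object names other than my_database, public, my_share and
-- account2 are hypothetical and only illustrate the pattern.

-- 1. Snowflake's documented share setup grants USAGE on the schema as well as
--    on the database; without it consumers cannot resolve objects in the schema.
GRANT USAGE ON SCHEMA my_database.public TO SHARE my_share;

-- 2. Review every object and privilege the share currently carries.
--    For read-only sharing, expect only USAGE (database, schema) and SELECT.
SHOW GRANTS TO SHARE my_share;

-- 3. Review which consumer accounts the share has been granted to.
SHOW GRANTS OF SHARE my_share;

-- 4. Narrow exposure: replace the schema-wide table grant with a secure view
--    that exposes only the columns the consumer needs.
REVOKE SELECT ON ALL TABLES IN SCHEMA my_database.public FROM SHARE my_share;

CREATE SECURE VIEW my_database.public.orders_shared AS
  SELECT order_id, order_date, total_amount   -- hypothetical columns
  FROM my_database.public.orders;             -- hypothetical table

GRANT SELECT ON VIEW my_database.public.orders_shared TO SHARE my_share;

-- 5. Remove a consumer account that no longer needs access.
ALTER SHARE my_share REMOVE ACCOUNTS = account2;

-- 6. Re-check the result after the changes.
SHOW GRANTS TO SHARE my_share;
SHOW GRANTS OF SHARE my_share;
```

Running steps 2 and 3 on a schedule and comparing the output against an approved list gives a simple drift check for shared objects and consumer accounts.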
Summary
Create a share object to hold shared data.
Grant USAGE on the database and SELECT on tables to the share.
Add specific Snowflake accounts to the share for controlled access.
Verify shares with the SHOW SHARES command.