Scaling Snowflake Roles: Common Challenges

Snowflake roles. Snowflake access management. Sunburns.

Snowflake roles. Snowflake access management. Sunburns.

We get it. It hurts.

We don’t have all the answers, but we know a thing or two about access management. For the rest, buy sunscreen.

Access management and managing Snowflake roles is a critical aspect of data security and compliance for any organization using Snowflake. Outside of security, defined access management is also important to make sure you support your internal customers to get access to the data they need to do their job.

Good access management controls means keeping data safe while ensuring the business can move as fast as possible. Security and velocity.

Let’s talk about why Snowflake roles can be difficult to manage and ways to make this easier.

Too Many Cooks in the Kitchen

One of the biggest challenges with Snowflake role management is the tangled web of access rules that explodes as an organization grows its adoption of Snowflake.

Or, as one data engineering team using Snowflake described their access controls: “a big plate of spaghetti.”

Snowflake is an amazing product that, once adopted, becomes the central data hub for the entire organization. There is something to be said about a solution that is so good that your teams cannot get enough of it.

Looking back at the Q3 2022 earnings season, there is a reason why Snowflake was at 165% in Net Revenue Retention, or soaring high above the 125% New Revenue Retention for the top quartile of its SaaS peers (Jamin Ball’s Clouded Judgment for more context).

Not so long ago, your data engineering team managed 10 users, all of whom resided on your data engineering team. Your company loves Snowflake… and now you manage 1,000 users or more users across many teams. Goodness.

“The marketing team needs access to a few more schemas…”

What used to be a handful of internal users on your data engineering team… is now a mass of internal, external, and application or service users.

Now throw in a heap of dbt pipelines, an acquisition or two—leaving you with multiple Snowflake accounts to manage—and new requirements from your governance and compliance team on how to manage data and data requests.

The Chef Boyardee SQL special.

Great news. Your internal customers have a voracious appetite to use and access Snowflake. The investment is paying off and teams are receiving value.

Success in hand, the challenge now becomes scaling your access controls and security requirements alongside this insatiable and continued demand.

…But who can even access this data?

What’s difficult now is managing all of these individual teams and a variety of datasets, some of which are sensitive, as Snowflake has indeed become the central data hub for your organization. At this point you also have other stakeholders that need to be a part of this process, including your security and governance teams who need to participate in the data access approval process for certain data.

Chef Boyardee, pile of spaghetti… with multiple cooks in the kitchen. Saucy indeed.

Another challenge of access management in Snowflake is the complexity of the data itself. Snowflake is often used to store and analyze large and complex datasets, which makes it difficult to understand exactly what data is being accessed and by whom.

This makes it extremely challenging to determine who has access to which data and to ensure that access is being used appropriately, especially when you have thousands of roles and tables to manage across your Snowflake account(s).

“Compliance is asking for an access approval process…”

To break this down, you both need to figure out how to: (1) organize your existing Snowflake access management structure to support your growing usage, as well as: (2) create a process for managing the access request flow from your internal customers, in partnership with other stakeholders in your organization (security, compliance, governance teams, etc). Managing data requests in Slack, Jira and email isn’t cutting it.

More simply, you need to:

  1. Unwind and reorganize your existing Snowflake access control structure.
  2. Define a compliant access request process.
  3. Automate as much of this as possible to reduce manual toil of your already overworked team.

Sounds like you have a lot of work to do.

About Spyglass

Since you’re here, let me tell you what we’ve cooked up at Spyglass. In short, we make Snowflake data access controls easy - or provide an automated and better way to do the above.

If you’ve nodded your head while reading this, reach out at spyglass.software (or demo@spyglass.software) and we’ll show you a product demo to give you a taste of the future of data access management.

Subscribe to stay informed

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.