
Data Sharing

| Feature | X Region/Cloud | Paid Option? | Public Option? | Usage Metrics | VPS | Provider Profile? |
|---|---|---|---|---|---|---|
| Direct Share | N | N | - | N | N | N |
| Listing | Y | Y | Y | Y | Must enable | Y |
| Direct Exchange | N | N | - | N | N | Y |

  • Sharable objects: Tables (Regular, Dynamic, External, Iceberg), Secure Views, Secure UDFs, Secure Materialized Views, Application Packages
  • supports non-secure sharing
  • Sharing options: Direct Share or Listing
  • HIPAA accounts cannot share with non-HIPAA accounts
  • PHI data can only be direct shared
  • must sign a business associate agreement (BAA) with Snowflake and the consumer
  • Tri-Secret Secure data protection is allowed, as if access were occurring from the provider account
  • provider can create a share that can selectively include: tables, external tables, secure views, secure materialized views and secure UDFs
  • current_account() for row-level security
  • invoker_share(): name of the current share (for dynamic data masking)
  • is_database_role_in_session() lets providers define database roles that set the security granularity; access is controlled by consumer accounts

Direct Share

  • Steps

    • Create a share
    • Grant permissions either directly to the share, and/or to 1+ database roles, and grant the database roles to the share
      • grant USAGE on the database and all schemas which contain the objects being shared
      • if a secure view references objects contained in other databases, grant REFERENCE_USAGE
      • grant permission on the object (e.g. SELECT on tables/views)
    • Alter the share to add consumer accounts

  • REFERENCE_USAGE permission cannot be granted to a database role

  • A database role cannot be granted to a share if it:
    • has future grants
    • has permissions other than read-only
  • A database role that inherits another database role cannot be granted to a share
  • Cannot transfer ownership of a SHARE
  • Cannot share from a BC account to a non-BC account unless SHARE_RESTRICTIONS=FALSE is set per share
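
The Direct Share steps above, combined with current_account() row-level security, as an added example that is not part of the original notes. All database, schema, table, share and account names are hypothetical, and the account locator AB12345 is a constructed value.

```sql
-- Constructed example: every object and account name below is hypothetical.
-- CURRENT_ACCOUNT() returns the account locator, so entitlements store locators.
CREATE DATABASE IF NOT EXISTS sales_db;
CREATE SCHEMA IF NOT EXISTS sales_db.private;   -- base data, never granted to the share
CREATE SCHEMA IF NOT EXISTS sales_db.shared;    -- holds only the secure view

CREATE TABLE IF NOT EXISTS sales_db.private.orders (
    order_id NUMBER, region STRING, amount NUMBER(12,2));
CREATE TABLE IF NOT EXISTS sales_db.private.entitlements (
    region STRING, consumer_account STRING);
INSERT INTO sales_db.private.entitlements VALUES ('EMEA', 'AB12345');

-- Secure view: each consumer sees only the rows its account is entitled to.
CREATE OR REPLACE SECURE VIEW sales_db.shared.orders_v AS
SELECT o.order_id, o.region, o.amount
FROM sales_db.private.orders o
JOIN sales_db.private.entitlements e
  ON e.region = o.region
 AND e.consumer_account = CURRENT_ACCOUNT();

-- Check the row filter before sharing by simulating the consumer account.
ALTER SESSION SET SIMULATED_DATA_SHARING_CONSUMER = 'AB12345';
SELECT region, COUNT(*) FROM sales_db.shared.orders_v GROUP BY region;
ALTER SESSION UNSET SIMULATED_DATA_SHARING_CONSUMER;

-- Step 1: create the share.
CREATE SHARE sales_share;

-- Step 2: grant read-only privileges (database, schema, then object).
GRANT USAGE ON DATABASE sales_db TO SHARE sales_share;
GRANT USAGE ON SCHEMA sales_db.shared TO SHARE sales_share;
GRANT SELECT ON VIEW sales_db.shared.orders_v TO SHARE sales_share;
-- No grant on sales_db.private: base tables are reachable only through the view.
-- If orders_v referenced another database, REFERENCE_USAGE on it would go to the share here.

-- Step 3: add the consumer account (hypothetical org.account name).
ALTER SHARE sales_share ADD ACCOUNTS = myorg.consumer1;

-- Audit what the share exposes and which accounts can consume it.
SHOW GRANTS TO SHARE sales_share;
SHOW GRANTS OF SHARE sales_share;
```

Reviewing the SHOW GRANTS output after each change confirms the share carries only USAGE and SELECT on the intended objects.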

Listing

  • Availability options: private or public
  • Access options: Free, Limited Trial, Paid
  • Snowflake pricing models: usage by query, or subscription
  • Listing Types:
    • Organizational: uses internal Marketplace
    • Marketplace: available to all, including private connectivity except VPS customers
    • Data Exchange: available to those consumers who are invited by the provider
  • Provider profile is required except for free-private listings
  • Stripe account required for paid accounts
  • Limitations on listings from Gov region:
    • cannot offer paid or personalized listings
    • cannot offer application packages
    • must use cross-cloud auto-fulfillment
  • Managing with SQL requires manifest

Auto Fulfillment

  • limited to 10 TB
  • for free listings, either auto-fulfillment or manual product data fulfillment
  • for paid listings, use auto-fulfillment
  • for limited sharing, Snowsight detects and enables auto-fulfillment; cannot manually replicate
  • refresh after initial auto-fulfillment:
    • interval based, from 1 minute to 8 days
    • schedule based, at a specific timestamp
    • triggered, use system$trigger_listing_refresh to trigger a refresh

Data Exchange

Terminology

  • Data Exchange Admin: ACCOUNTADMIN (default) or IMPORTED PRIVILEGES can manage the exchange:
    • add/remove members: as providers and/or consumers
    • provider profile approval requests
    • show categories
  • Data Exchange Providers:
    • must have a provider profile. A region must be associated with one provider profile
    • create, define (personalized vs. free) and publish listings
    • grant access to personalized listings to consumers who reside in other regions
  • Data Exchange Consumers:
    • discover/browse listings
    • use Marketplace or data exchanges
    • consume datasets
  • Listing: can be either personalized or free
  • Steps: create, configure, submit for approval (by Snowflake) and publish