10 Data governance and access control
This chapter covers
- Snowflake role-based access control
- Securing data with row access policies
- Protecting sensitive data with masking policies
Data stored in various repositories such as source systems, data lakes, data warehouses, reporting solutions, or data products can contain confidential or sensitive information that only authorized users can access. Data engineers are responsible for including data governance and access control requirements when building data pipelines to ensure users see only the data they are authorized to see. Snowflake supports role-based access control and data governance features, such as row access policies and masking policies, that limit data access to authorized users.
In this chapter, we will describe the Snowflake role-based access control (RBAC) model, where access privileges are assigned to roles that are granted to users. We will demonstrate row access policies, typically used in multitenant solutions where many business units store data in the same database but each can see only the data from its own business unit. We will also review masking policies that mask sensitive data, such as personal or financial information.
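The three mechanisms fit together as in the following added example, which is not code from this chapter. Every database, schema, table, role, and user name in it is hypothetical, and it assumes a Snowflake edition that supports row access and masking policies.

```sql
-- Constructed example: demo_db, sales, orders, bu_role_map, the roles and the
-- user alice are hypothetical. Assumes demo_db.sales and the user already exist
-- and that the active role may create roles, tables and policies.
USE SCHEMA demo_db.sales;

-- RBAC: privileges are granted to roles, and roles are granted to users.
CREATE ROLE IF NOT EXISTS emea_analyst;
CREATE ROLE IF NOT EXISTS pii_reader;
GRANT USAGE ON DATABASE demo_db TO ROLE emea_analyst;
GRANT USAGE ON SCHEMA demo_db.sales TO ROLE emea_analyst;
GRANT ROLE emea_analyst TO USER alice;

-- One shared table holding rows for several business units (multitenant).
CREATE TABLE IF NOT EXISTS orders (
  order_id       NUMBER,
  business_unit  VARCHAR,
  customer_email VARCHAR,
  amount         NUMBER(12,2)
);
GRANT SELECT ON TABLE orders TO ROLE emea_analyst;

-- Mapping table: which role may see which business unit.
-- Role names are stored upper case because CURRENT_ROLE() returns them that way.
CREATE TABLE IF NOT EXISTS bu_role_map (role_name VARCHAR, business_unit VARCHAR);
INSERT INTO bu_role_map VALUES ('EMEA_ANALYST', 'EMEA');

-- Row access policy: a row is returned only if the active role is mapped to
-- that row's business unit. Roles with no mapping see no rows at all.
CREATE ROW ACCESS POLICY bu_rows AS (bu VARCHAR) RETURNS BOOLEAN ->
  EXISTS (SELECT 1
          FROM demo_db.sales.bu_role_map m
          WHERE m.role_name = CURRENT_ROLE()
            AND m.business_unit = bu);
ALTER TABLE orders ADD ROW ACCESS POLICY bu_rows ON (business_unit);

-- Masking policy: only pii_reader sees the real e-mail address.
-- CURRENT_ROLE() matches the active primary role only, not inherited roles.
CREATE MASKING POLICY mask_email AS (val VARCHAR) RETURNS VARCHAR ->
  CASE WHEN CURRENT_ROLE() = 'PII_READER' THEN val
       ELSE '*** MASKED ***'
  END;
ALTER TABLE orders MODIFY COLUMN customer_email SET MASKING POLICY mask_email;
```

With both policies attached, a query on `orders` run as `emea_analyst` returns only the EMEA rows, with `customer_email` masked. Because the row filter and the mask are evaluated against the querying role, the role that owns the table is filtered too unless it is added to the mapping table.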