1 of 44
Definition
Method of restricting data viewing at runtime. Dynamic Data Masking:
1. Done on a role basis
2. Applied at runtime; data is not stored in masked form
3. Can be done partially or fully
4. Policy must have the same input and output type (e.g. INT / INT)
5. Policies are schema level objects
6. Can be nested in schemas and tables
7. Can be created and added independently of owners
Network Policies User Authentication
Dynamic Data Masking Federated Authentication
2 of 44
Definition
Federated Authentication is possible in Snowflake, enabling single sign-on (SSO). Federated Authentication in Snowflake:
1. Requires Snowflake to delegate authentication to a third party
2. Currently enabled via Okta and ADFS
3. Custom setup must be done via an external provider
Federated Authentication Key-Pair Authentication Process
Hierarchical Key Model Key Pair Authentication
3 of 44
Definition
Defines the level of access a role has on a given object.
1. Given via GRANT/REVOKE commands
2. Done via the MANAGE GRANTS global privilege
3. Future grants can be given, allowing access on future objects
3a. e.g. all tables to be created in a given schema
Privileges Secure Views
SECURITYADMIN Periodic-Re-Keying
4 of 44
Definition
Tied to key rotation: the practice of replacing all keys over one year in age.
1. Can be done automatically via Snowflake
2. Available at Enterprise and above
3. ALTER ACCOUNT SET PERIODIC_DATA_REKEYING = TRUE;
Periodic-Re-Keying Hierarchical Key Model
ACCOUNT_USAGE object User Authentication
5 of 44
Definition
Roles created specifically for each person or set of persons, usually mapped by job function for a group. Custom Roles:
1. Can have unique access and privileges
2. Support execution of the security principle of 'least privilege'