SHARING DATA SECURELY IN SNOWFLAKE
WHAT IS DATA SHARING
• Snowflake enables account-to-account sharing of data through shares which are created by data providers and “imported” by data consumers, either through their own Snowflake account or a provisioned Snowflake Reader account. The consumer could be an external entity/partner, or a different internal business unit which is required to have its own, unique Snowflake account.
WITH DATA SHARING
• There is only one copy of data, which lives in the data provider’s account.
• Shared data is always live, real-time and immediately available to consumers.
• Providers can establish revocable, fine-grained access grants to shares.
• Data sharing is simple and secure, especially compared to the “old” way of sharing data, which was often manual and involved transferring large .csv files across the Internet in a manner that might be insecure.
Note - Data Sharing is currently only supported between accounts in the same Snowflake Provider and Region.
PROVIDER AND CONSUMER
• The provider creates a share of a database in their account and grants access to specific objects in the database. The provider can also share data from multiple databases, as long as these databases belong to the same account. One or more accounts are then added to the share, which can include your own accounts (if you have multiple Snowflake accounts).
• On the consumer side, a read-only database is created from the share. Access to this database is configurable using the same, standard role-based access control that Snowflake provides for all objects in the system.
WORKING WITH SHARES
• You must use the ACCOUNTADMIN role (or a role granted the CREATE SHARES global privilege) to perform these tasks.
• The available methods differ between Snowflake editions.
• VPS (Virtual Private Snowflake) does not support Secure Data Sharing due to the current limitations against sharing data across regions.
• Standard and Enterprise Editions support Secure Data Sharing with the usual caveats.
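The provider and consumer steps described above, written out as Snowflake SQL. This is an added example, not taken from the original slides; every database, table, role and account name in it (sales_db, sales_share, consumer_acct, provider_acct, analyst) is a hypothetical placeholder.

```sql
-- Added example: all object, role and account names are hypothetical.

-- PROVIDER ACCOUNT ------------------------------------------------------
USE ROLE ACCOUNTADMIN;

CREATE SHARE sales_share COMMENT = 'Orders for partner analytics';

-- The share needs USAGE on the database and schema before object grants.
GRANT USAGE ON DATABASE sales_db TO SHARE sales_share;
GRANT USAGE ON SCHEMA sales_db.public TO SHARE sales_share;

-- Grant only the specific objects the consumer needs.
GRANT SELECT ON TABLE sales_db.public.orders TO SHARE sales_share;

-- Review exactly what the share exposes before adding any consumer.
SHOW GRANTS TO SHARE sales_share;

-- Add the consumer account, then confirm which accounts can see the share.
ALTER SHARE sales_share ADD ACCOUNTS = consumer_acct;
SHOW GRANTS OF SHARE sales_share;

-- CONSUMER ACCOUNT ------------------------------------------------------
USE ROLE ACCOUNTADMIN;

SHOW SHARES;  -- the inbound share is listed with its provider account

-- Create the read-only database from the share.
CREATE DATABASE partner_sales FROM SHARE provider_acct.sales_share;

-- Standard role-based access control: let a specific role query it.
GRANT IMPORTED PRIVILEGES ON DATABASE partner_sales TO ROLE analyst;

-- PROVIDER ACCOUNT: revoking access -------------------------------------
-- Remove one object from the share for every consumer ...
REVOKE SELECT ON TABLE sales_db.public.orders FROM SHARE sales_share;
-- ... or remove one consumer account from the share entirely.
ALTER SHARE sales_share REMOVE ACCOUNTS = consumer_acct;
```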
HOW TO CHECK WHICH EDITION WE ARE CURRENTLY USING
SNOWFLAKE SHARING TECHNOLOGIES
• Data sharing
• Marketplace
• Private exchanges
1. DIRECT SHARE
• Direct Share is the simplest form of data sharing that enables account-to-account sharing of data utilizing Snowflake’s Secure Data Sharing.
• As a data provider you can easily share data with another company so that your data shows up in their Snowflake account without having to copy it over or move it.
DIRECT SHARE, DATA MARKETPLACE & DATA EXCHANGE
DATA MARKETPLACE
• The Data Marketplace utilizes Snowflake Secure Data Sharing to connect providers of data with consumers.
• You can discover and access a variety of third-party data and have those datasets available directly in your Snowflake account to query without transformation and join it with your own data. If you need to use several different vendors for data sourcing, the Data Marketplace gives you one single location from where to get the data.
DATA EXCHANGE
• Data Exchange is your own data hub for securely collaborating around data between a selected group of members that you invite. It enables providers to publish data that can then be discovered by consumers.
• You can share data at scale with your entire business ecosystem such as suppliers, partners, vendors, and customers, as well as business units at your own company. It allows you to control who can join, publish, consume, and access data.
• Once your Data Exchange is provisioned and configured, you can invite members and specify whether they can consume data, provide data, or both.
WEB INTERFACE FOR SHARED DATA
DATA SHARED BY YOU AND SHARED WITH ME
• Data Shared with me
• Shares which have been shared with you. Shared with me tab displays inbound shared data for
• Data Shared by you
• Outbound shares are created by your account for the purpose of sharing data with consumers. You can share data via a direct share, a data exchange, or the Snowflake Marketplace.
INBOUND SHARES
• Viewing all shares from providers (including who provided the share and whether a database has been created from it in your account).
• Creating a database from a share.
OUTBOUND
• View the shares that you have created or have privileges to access. The information provided includes the database for the share, the consumer accounts (if any) that have been added to the share, date when the share was created, and objects that have been shared.
• Create a share / data listing
• Edit a share / data listing
• Revoke access to the share for individual consumer accounts.
SHARING DATA FROM MULTIPLE DATABASES
• For instance, a provider who has organized data into different databases based on the characteristics of data and business needs wants to share a secure view in one database that joins data in that database with objects (e.g. schema, table, view) from other databases.
NOTE
• You can share only tables and secure views to your consumers.
• Therefore, if you have created a view that is not a secure view, Snowflake will not allow you to share it with your customers.
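The multi-database case above, as an added example that is not part of the original slides: a secure view in one database joins tables from two other databases, and each referenced database is granted to the share with Snowflake's REFERENCE_USAGE privilege before the view itself is granted. All database, view and share names are hypothetical.

```sql
-- Added example: share_db, orders_db, customers_db, multi_db_share and
-- customer_orders_v are hypothetical names.
USE ROLE ACCOUNTADMIN;

-- The view must be created as SECURE; a regular view cannot be shared.
CREATE SECURE VIEW share_db.public.customer_orders_v AS
SELECT o.order_id,
       o.amount,
       c.region
FROM orders_db.public.orders o
JOIN customers_db.public.customers c
  ON c.customer_id = o.customer_id;

-- Verify the view is secure (is_secure column) before sharing it.
SHOW VIEWS LIKE 'customer_orders_v' IN SCHEMA share_db.public;

-- An existing regular view can be converted instead of recreated:
-- ALTER VIEW share_db.public.customer_orders_v SET SECURE;

CREATE SHARE multi_db_share;

-- USAGE on the database and schema that hold the view.
GRANT USAGE ON DATABASE share_db TO SHARE multi_db_share;
GRANT USAGE ON SCHEMA share_db.public TO SHARE multi_db_share;

-- REFERENCE_USAGE on every other database the view reads from.
-- These grants must come before the SELECT grant on the view.
GRANT REFERENCE_USAGE ON DATABASE orders_db TO SHARE multi_db_share;
GRANT REFERENCE_USAGE ON DATABASE customers_db TO SHARE multi_db_share;

-- Expose only the view; the underlying tables are not granted.
GRANT SELECT ON VIEW share_db.public.customer_orders_v TO SHARE multi_db_share;

-- Confirm the share contains the view and nothing from the base tables.
SHOW GRANTS TO SHARE multi_db_share;
```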
WEB INTERFACE FOR SHARES
If you have the ACCOUNTADMIN role, you can use the shares page in the Snowflake web interface to perform most tasks related to creating and managing shares.
The tasks you can perform depend on whether the share is Outbound or Inbound.
READER ACCOUNT
• A reader account is intended primarily for querying data shared by the provider of the account. Adding
new data to the account and/or updating shared data in the account is not supported. As such, the
following DML and DDL commands are not allowed:
• INSERT
• UPDATE
• DELETE
• MERGE
• COPY INTO
• CREATE MASKING POLICY
• CREATE PIPE
• CREATE ROW ACCESS POLICY
• CREATE SHARE
• CREATE STAGE
MANAGING READER ACCOUNTS
• A reader account enables data consumers to access and query data shared by the provider of the account, with no setup or usage costs for the consumer, and no requirements for the consumer to sign a licensing agreement with Snowflake.
• The reader account is created, owned, and managed by the provider account, which assumes all responsibility for credit charges incurred by users in the reader account. Similar to standard consumer accounts, the provider account uses shares to share databases with reader accounts; however, a reader account can only consume data from the provider account that created it.
WEB INTERFACE FOR READER ACCOUNTS
RESOURCE MONITOR SETUP
• A reader account has unlimited access, so a resource monitor is set up to monitor it.
• What we are using is a managed account; in data sharing it is a reader account, though some features are disabled.
• A Reader Account is a Managed Account that is intended to be used just for reading data (e.g. selecting and downloading).
• There is no mechanical difference between a Reader Account and a Managed Account.
• A resource monitor can be set at the warehouse level and at the account level.
HOW TO SET UP RESOURCE MONITOR
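Because the provider pays for every credit a reader account consumes, the monitor is what caps that exposure. The SQL below is an added example, not from the original slides, showing a reader account being created and then limited by a warehouse-level and an account-level resource monitor; all names, quotas and the password placeholder are assumptions.

```sql
-- Added example: account, user, warehouse and monitor names are
-- hypothetical, and the credit quotas are arbitrary sample values.

-- PROVIDER ACCOUNT: create the reader (managed) account ------------------
USE ROLE ACCOUNTADMIN;

CREATE MANAGED ACCOUNT partner_reader
  ADMIN_NAME = reader_admin,
  ADMIN_PASSWORD = '<set-a-strong-password>',  -- placeholder, replace it
  TYPE = READER;

SHOW MANAGED ACCOUNTS;  -- shows the new account's locator and login URL

-- READER ACCOUNT: log in as reader_admin and set the limits --------------
USE ROLE ACCOUNTADMIN;

CREATE WAREHOUSE reader_wh WITH
  WAREHOUSE_SIZE = 'XSMALL'
  AUTO_SUSPEND = 60
  AUTO_RESUME = TRUE
  INITIALLY_SUSPENDED = TRUE;

-- Warehouse-level monitor: warn at 80%, stop new queries at 100%,
-- cancel running queries at 110%.
CREATE RESOURCE MONITOR reader_wh_rm WITH
  CREDIT_QUOTA = 20
  FREQUENCY = MONTHLY
  START_TIMESTAMP = IMMEDIATELY
  TRIGGERS ON 80 PERCENT DO NOTIFY
           ON 100 PERCENT DO SUSPEND
           ON 110 PERCENT DO SUSPEND_IMMEDIATE;

ALTER WAREHOUSE reader_wh SET RESOURCE_MONITOR = reader_wh_rm;

-- Account-level monitor: a ceiling across all warehouses in the account.
CREATE RESOURCE MONITOR reader_acct_rm WITH
  CREDIT_QUOTA = 50
  FREQUENCY = MONTHLY
  START_TIMESTAMP = IMMEDIATELY
  TRIGGERS ON 100 PERCENT DO SUSPEND;

ALTER ACCOUNT SET RESOURCE_MONITOR = reader_acct_rm;

SHOW RESOURCE MONITORS;  -- check quotas, used credits and assignments
```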
GENERAL LIMITATIONS FOR SHARED DATABASES
• Shared databases are read-only. Users in a consumer account can view/query data, but cannot insert or update data, or create any objects in the database.
• The following actions are not supported:
Creating a clone of a shared database or any schemas/tables in the database.
Time Travel for a shared database or any schemas/tables in the database.
Editing the comments for a shared database.
• Shared databases and all the objects in the database cannot be forwarded (i.e. re-shared with other accounts).
DATA MARKETPLACE - WHAT YOU CAN DO
• As a data provider, you can:
Publish data listings for free-to-use datasets to generate interest and new opportunities among the
Snowflake customer base.
Publish data listings for datasets that can be customized for the consumer.
Share live datasets securely and in real-time without creating copies of the data or imposing data
integration tasks onto the consumer.
Eliminate the costs of building and maintaining APIs and data pipelines to deliver data to customers.
• As a data consumer, you can:
Discover and test third party data sources.
Receive frictionless access to raw data products from vendors.
Combine new datasets with your existing data in Snowflake to derive new business insights.
Have datasets available instantly and updated continually for users.
Eliminate the costs of building and maintaining various APIs and data pipelines to load and update data.
Use the BI tools of your choice.
TYPES OF DATA LISTINGS
• There are two types of data listing.
• Standard listing (free data listing)
• Personalized listing (paid data listing)
A standard listing provides instant access to a published data set. This type of listing is best for
providing generic, aggregated, or non-customer-specific data. Each listing includes details
about the shared data, sample queries, and information about the data provider.
A personalized listing allows customers to request specific data sets.
This can be premium data that a provider charges for or data that is specific to each consumer.
Each listing includes details about the shared data, sample usage examples, and information
about the data provider.
To access data from a personalized listing, consumers must submit a request by clicking the
Request button, and provide their contact information. Once a request is submitted, the data
provider is notified. The provider then contacts the consumer.
STRUCTURE OF BOTH LISTINGS
FREE LISTING
PERSONALIZED LISTING
PROVIDER PROFILE
DATA REQUESTS
1. Inbound Requests
• Inbound requests are requests from data consumers to access your data. You can sort
the requests by status and review (approve or deny) them.
2. Outbound Requests
• Outbound requests are requests that you have submitted for data listings from other
providers in a data exchange. You can sort the requests by status. If a request has
been denied, a comment is provided next to the request. You can make the necessary
adjustments and resubmit your request.