Snowflake Reader Accounts
Snowflake Reader Accounts
The reader accounts let providers share the data securely with the consumers who do not have a Snowflake account. Using the reader account, the consumer can view and query the data enabled by the provider with no additional setup and costs to the consumer. The provider account uses shares to share databases with the reader account. In this case, the provider is responsible for the costs incurred by the consumers using the reader account.
Restrictions on reader account:
Uploading new data from reader account
Modifying existing account in reader account
Unloading the existing data
Restricted commands on reader accounts
Insert
Update
Delete
Merge
Copy into Table
Create Masking Policy
Create Pipe
Create Row Access Policy
Create Share
Create Stage
Show Procedures
Managing the reader accounts involves two important aspects.
Creating the reader account
Configuring the reader account
Creating the reader account
Click on “Private Sharing”
Click on “Reader Accounts”
Fill “New Reader Account“ form or use command line
CREATE MANAGED ACCOUNT IDENTIFIER('"ACCOUNT_NAME"') ADMIN_NAME = 'Break_Glass_Account' COMMENT = 'Provide details' ADMIN_PASSWORD = '☺☺☺☺☺☺☺☺☺☺' TYPE = 'READER';
Find Account details and URL.
USE ROLE ACCOUNTADMIN;
SHOW MANAGED ACCOUNTS;
Configuring the reader account
The newly created reader account contains only a single user aka break glass account. The user gets accountadmin privileges as shown in the above screenshot. Configuring the reader account involves creation of users, roles, warehouses, databases, etc.
Login to reader account as account administrator using the break glass account
Create custom roles and grant privileges
Create users and grant roles
Create virtual warehouses and grant privileges
Create database from each share shared with the account from provider
Invite users to login, reset default passwords and train on the data
Comments
Post a Comment