Using Snowflake Data Sharing with Immuta
Immuta is compatible with Snowflake Secure Data Sharing. Using both Immuta and Snowflake, organizations can share the policy-protected data of their Snowflake database with other Snowflake accounts with Immuta policies enforced in real time.
Prerequisites:
Create Immuta Policies to Protect the Data
Required Permission:
- Immuta:
GOVERNANCE
Build Immuta data policies to fit your organization's compliance requirements.
It's important to understand that subscription policies are not relevant to Snowflake data shares, because the act of sharing the data is the subscription policy. Data policies can be enforced on the consuming account from the producer account on a share following these instructions.
Register the Snowflake Data Consumer with Immuta
Required Permission:
- Immuta:
USER_ADMIN
To register the Snowflake data consumer in Immuta,
- Create a new Immuta user.
- Update the Immuta user's Snowflake username
to match the account ID for the data consumer. This value is the output on the data consumer side when
SELECT CURRENT_ACCOUNT()
is run in Snowflake. - Give the Immuta user the appropriate attributes and groups for your organization's policies.
- Subscribe the Immuta user to the data sources.
Create the Snowflake Data Share
Required Permission:
- Snowflake:
ACCOUNTADMIN
To share the policy-protected data source,
- Create a Snowflake Data Share of the Snowflake table that has been registered in Immuta.
-
Grant reference usage on the Immuta database to the share you created:
Replace the content in angle brackets above with the name of your Immuta database and Snowflake data share.GRANT REFERENCE_USAGE ON DATABASE "<Immuta database of the provider account>" TO SHARE "<DATA_SHARE>";