Configuring custom roles for managing access to highly secure data
In this recipe, we will explore securing access to highly confidential data through a custom role. We will also explore how we can deny access to specific datasets to even the administrative users.
Getting ready
Before proceeding with this recipe, please ensure that the user you will use can use the SECURITYADMIN
role. Note that this recipe's steps can be run in either the Snowflake web UI or the SnowSQL command-line client.
How to do it…
We will create a new custom role and demonstrate how it can be configured to control access to sensitive data:
- Let's start by creating the database that will hold the sensitive data. In this database, we will also create a table that contains salary information:
USE ROLE SYSADMIN; CREATE DATABASE sensitive_data; CREATE TABLE SALARY ( EMP_ID INTEGER, SALARY NUMBER );
You should see the database and the table created successfully...