Goal: Keep RBAC healthy, auditable, and secure over time.
Why Ongoing Management is Important
RBAC in Snowflake is not a "set and forget" process.
Over time:
- Users change roles.
- Projects evolve.
- Sensitive data access needs to be reviewed.
Regular audits and adjustments keep your security model effective and compliant.
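Copy & Paste: Revoking Privileges
```sql
-- Removes SELECT on tables that exist now; any GRANT ... ON FUTURE TABLES
-- for this role stays in place and must be revoked separately.
REVOKE SELECT ON ALL TABLES IN SCHEMA sales.public FROM ROLE reporting;
-- Check what a user has (the roles granted to the user)
SHOW GRANTS TO USER john;
-- Check what a role has
SHOW GRANTS TO ROLE reporting;
```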
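SHOW GRANTS inspects one user or role at a time; for the regular audits described above, an account-wide review can be run against Snowflake's ACCOUNT_USAGE views. The queries below are an added example, not part of the original post. They assume the reviewing role can read the SNOWFLAKE database, and the 90-day threshold and the SALES.PUBLIC scope are illustrative choices.

```sql
-- Added example (not from the original post): periodic access review.
-- Assumption: the current role has access to SNOWFLAKE.ACCOUNT_USAGE.
-- Note: ACCOUNT_USAGE views lag live state (documented latency of up to
-- about two hours), so confirm with SHOW GRANTS before revoking.

-- 1) Role assignments still held by users who have not logged in for
--    90 days (or never): candidates for REVOKE ROLE ... FROM USER.
SELECT u.name               AS user_name,
       g.role               AS granted_role,
       g.granted_by,
       g.created_on         AS granted_on,
       u.last_success_login
FROM snowflake.account_usage.grants_to_users AS g
JOIN snowflake.account_usage.users AS u
  ON u.name = g.grantee_name
WHERE g.deleted_on IS NULL            -- grant is still in effect
  AND u.deleted_on IS NULL            -- user has not been dropped
  AND (u.last_success_login IS NULL
       OR u.last_success_login < DATEADD(day, -90, CURRENT_TIMESTAMP()))
ORDER BY u.last_success_login NULLS FIRST, u.name;

-- 2) Every role that currently holds a privilege on a table in
--    SALES.PUBLIC, to compare against what the project actually needs.
SELECT grantee_name AS role_name,
       privilege,
       name         AS table_name,
       grant_option,
       granted_by,
       created_on   AS granted_on
FROM snowflake.account_usage.grants_to_roles
WHERE deleted_on IS NULL
  AND granted_on    = 'TABLE'
  AND table_catalog = 'SALES'         -- unquoted identifiers are stored upper-case
  AND table_schema  = 'PUBLIC'
ORDER BY role_name, table_name, privilege;
```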
RLS
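```sql
-- Return the real SSN only to the security team; everyone else sees a mask.
CREATE MASKING POLICY hide_ssn AS
(val STRING) RETURNS STRING ->
CASE
-- CURRENT_ROLE() returns the stored role name, which is upper-case for a
-- role created without quotes, and the comparison is case-sensitive.
WHEN CURRENT_ROLE() IN ('SECURITY_TEAM') THEN val
ELSE '***-**-****'
END;
-- Attach the policy to the sensitive column.
ALTER TABLE customers
MODIFY COLUMN ssn
SET MASKING POLICY hide_ssn;
```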