Schema Secure
Source: Snowflake. Updated 2025-07-24; indexed 2025-07-25.
Download link:
https://app.snowflake.com/marketplace/listing/GZTYZ1HHPEQ
Resource description:
Schema Secure’s Access Roles app simplifies and automates access management in Snowflake. By linking database roles directly to functional roles, it strengthens security, reduces manual errors, and promotes compliance with industry best practices.
This is a Snowflake Native App that creates schema access roles (as database roles) from either Streamlit or a stored procedure `CORE.SET_UP_SCHEMA_ACCESS_ROLES(QUALIFIED_TARGET_SCHEMA_NAMES ARRAY)`.
There are three access roles created for each schema:
- read-only role: has the read/usage privileges on all current and future objects in a schema
- read/create role: inherits the read-only role and has the `CREATE <object type> ON SCHEMA <schema name>` privileges for most object types
- schema owner role: inherits the read/create role and has `OWNERSHIP` on the schema (this role is also granted to `SYSADMIN`, following Snowflake best practices)
These schema access roles allow you to control access to schemas by simply granting them to functional roles. Then, as new objects are created or new object types are released by Snowflake, the privileges these access roles contain will flow downstream to the functional roles which inherit them.
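
The three-role hierarchy described above, written out by hand for the `ACCOUNTING.TAX` schema as an added example. This is not the app's own code: the database role names and the functional role `TAX_ANALYST` are hypothetical, and only tables and views are covered, whereas the app is described as covering most object types.

```sql
-- Hypothetical role names; the names the app generates are not shown on this page.
CREATE DATABASE ROLE IF NOT EXISTS ACCOUNTING.TAX_READ_ONLY;
CREATE DATABASE ROLE IF NOT EXISTS ACCOUNTING.TAX_READ_CREATE;
CREATE DATABASE ROLE IF NOT EXISTS ACCOUNTING.TAX_OWNER;

-- Read-only role: usage on the containers, read on current and future objects.
GRANT USAGE ON DATABASE ACCOUNTING TO DATABASE ROLE ACCOUNTING.TAX_READ_ONLY;
GRANT USAGE ON SCHEMA ACCOUNTING.TAX TO DATABASE ROLE ACCOUNTING.TAX_READ_ONLY;
GRANT SELECT ON ALL TABLES IN SCHEMA ACCOUNTING.TAX
  TO DATABASE ROLE ACCOUNTING.TAX_READ_ONLY;
GRANT SELECT ON FUTURE TABLES IN SCHEMA ACCOUNTING.TAX
  TO DATABASE ROLE ACCOUNTING.TAX_READ_ONLY;
GRANT SELECT ON ALL VIEWS IN SCHEMA ACCOUNTING.TAX
  TO DATABASE ROLE ACCOUNTING.TAX_READ_ONLY;
GRANT SELECT ON FUTURE VIEWS IN SCHEMA ACCOUNTING.TAX
  TO DATABASE ROLE ACCOUNTING.TAX_READ_ONLY;

-- Read/create role: inherits read-only, adds CREATE privileges on the schema.
GRANT DATABASE ROLE ACCOUNTING.TAX_READ_ONLY
  TO DATABASE ROLE ACCOUNTING.TAX_READ_CREATE;
GRANT CREATE TABLE ON SCHEMA ACCOUNTING.TAX
  TO DATABASE ROLE ACCOUNTING.TAX_READ_CREATE;
GRANT CREATE VIEW ON SCHEMA ACCOUNTING.TAX
  TO DATABASE ROLE ACCOUNTING.TAX_READ_CREATE;

-- Schema owner role: inherits read/create, owns the schema, rolls up to SYSADMIN.
GRANT DATABASE ROLE ACCOUNTING.TAX_READ_CREATE
  TO DATABASE ROLE ACCOUNTING.TAX_OWNER;
GRANT OWNERSHIP ON SCHEMA ACCOUNTING.TAX
  TO DATABASE ROLE ACCOUNTING.TAX_OWNER COPY CURRENT GRANTS;
GRANT DATABASE ROLE ACCOUNTING.TAX_OWNER TO ROLE SYSADMIN;

-- Access is then controlled with a single grant to a functional role.
GRANT DATABASE ROLE ACCOUNTING.TAX_READ_ONLY TO ROLE TAX_ANALYST;

-- Audit: what the access role holds, and which roles inherit it.
SHOW GRANTS TO DATABASE ROLE ACCOUNTING.TAX_READ_ONLY;
SHOW GRANTS OF DATABASE ROLE ACCOUNTING.TAX_READ_ONLY;
```

Reviewing the two `SHOW GRANTS` outputs after any change is a quick check that a functional role has not picked up the read/create or owner role when read-only was intended.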
Example:
```sql
-- Create the schema access roles and grant them their privileges
CALL CORE.SET_UP_SCHEMA_ACCESS_ROLES(['ACCOUNTING.TAX', 'ANALYTICS_DEV_DB.WEB_EVENTS_STAGE']);
```
Schema Secure requires some setup in order to create the schema access roles. Please refer to the README ("Settings" -> "About" -> "Setup" in the Streamlit) to complete the required setup.
The free trial will allow you to set up schema access roles for 1 schema, enabling you to preview the functionality and see the power of establishing this re-usable foundation.
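Provider:
Schema Secure
Created:
2025-07-19
Summary of original information
Schema Secure dataset overview
Overview
Schema Secure is a Snowflake Native App that simplifies and automates access management in Snowflake. By linking database roles directly to functional roles, it strengthens security, reduces manual errors, and conforms to industry best practices.
Features
- Creates three access roles for each schema:
  - Read-only role: has read/usage privileges on all current and future objects in the schema.
  - Read/create role: inherits the read-only role and has create privileges for most object types.
  - Schema owner role: inherits the read/create role and has ownership of the schema (this role is also granted to SYSADMIN).
Business needs
- Data governance: provides a transparent, auditable role-management workflow, ensuring that all access is controlled and recorded.
- Operational efficiency: automates the creation and assignment of database roles, significantly reducing setup time.
- Scalable role management: supports role assignment from small teams to large multi-department enterprises.
- Security and compliance: prevents unauthorized access through explicit role-based privileges.
Usage example
- Create the schema access roles and grant them their privileges: `CALL CORE.SET_UP_SCHEMA_ACCESS_ROLES(['ACCOUNTING.TAX', 'ANALYTICS_DEV_DB.WEB_EVENTS_STAGE']);`
Security
- Snowflake security review completed.
- Data is protected by Snowflake role-based access control.
Categories
- Identity
- Security
Contact
- Sales: contact@schemasecure.com
- Support: support@schemasecure.com
About Schema Secure
Schema Secure, LLC has more than 6 years of experience as Snowflake end users and administrators, and is dedicated to providing tools that make Snowflake privilege management simple, scalable, and secure.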



