Secure data sharing between accounts in Snowflake is a powerful feature that enables organizations to share live data across different Snowflake accounts seamlessly and securely. This capability eliminates the need for copying or moving data, ensuring that consumers always access the most current information while providers maintain complete control over their data assets.
Snowflake's data sharing architecture operates through a unique approach where the actual data never leaves the provider's account. Instead, providers create shares - named objects that encapsulate database objects such as tables, secure views, and secure user-defined functions. These shares contain metadata and access privileges that allow consumer accounts to query the underlying data in real-time.
The provider account creates a share and grants privileges on specific database objects to that share. Consumer accounts can then create databases from these shares, enabling their users to query the shared data as if it were stored locally. This process happens through Snowflake's services layer, ensuring data remains in place while access is extended securely.
Security is maintained through several mechanisms. Providers can use secure views to filter and restrict which data consumers can access, protecting sensitive information. Role-based access control allows granular permission management within both provider and consumer accounts. All data remains encrypted and protected by Snowflake's security infrastructure.
Data sharing supports both direct sharing between accounts and sharing through the Snowflake Marketplace, where data providers can publish listings for other organizations to discover and consume. Reader accounts can be created for organizations that do not have their own Snowflake account, enabling broader data distribution.
Key benefits include zero data movement, real-time data access, reduced storage costs for consumers, simplified data governance, and the ability to monetize data assets. This functionality transforms how organizations collaborate and exchange information across business boundaries.
Secure Data Sharing Between Accounts in Snowflake
Why Secure Data Sharing is Important
Secure Data Sharing is one of Snowflake's most powerful and differentiating features. It enables organizations to share live, ready-to-query data with other Snowflake accounts in real-time, eliminating the need for traditional data movement methods like ETL processes, file transfers, or data replication. This capability is crucial for modern data collaboration, enabling business partners, customers, and different business units to access shared data securely and efficiently.
What is Secure Data Sharing?
Secure Data Sharing allows a data provider to grant read-only access to selected database objects (such as tables, secure views, and secure UDFs) to one or more data consumer accounts. The key characteristics include:
• No data copying - Consumers access the provider's data in place
• Real-time access - Consumers always see the current state of the data
• Zero data movement - Data stays in the provider's account storage
• No additional storage costs for consumers - Consumers only pay for compute resources used to query the data
• Secure by design - Providers control exactly what data is shared
How Secure Data Sharing Works
The sharing mechanism operates through the following components:
1. Shares - A share is a Snowflake object that encapsulates all the information required to share a database. Providers create shares and add database objects to them.
3. Consumer Accounts - Providers add consumer account identifiers to the share, granting them access.
4. Imported Databases - Consumers create a database from the share, which appears as a read-only database in their account.
Creating a Share (Provider Side)
The provider performs these steps:
• CREATE SHARE share_name;
• GRANT USAGE ON DATABASE db_name TO SHARE share_name;
• GRANT USAGE ON SCHEMA db_name.schema_name TO SHARE share_name;
• GRANT SELECT ON TABLE db_name.schema_name.table_name TO SHARE share_name;
• ALTER SHARE share_name ADD ACCOUNTS = consumer_account;
Accessing a Share (Consumer Side)
The consumer performs these steps:
• SHOW SHARES; (to view available shares)
• CREATE DATABASE db_name FROM SHARE provider_account.share_name;
Key Concepts for the Exam
Share Privileges:
• ACCOUNTADMIN role or a role with CREATE SHARE privilege can create shares
• IMPORT SHARE privilege is needed to create databases from shares
Sharing Constraints:
• Data can only be shared between accounts in the same cloud provider and region (unless using data replication or listings)
• Shared data is always read-only for consumers
• Consumers cannot re-share data received through a share
Secure Views Importance:
• Secure views hide the view definition from consumers
• They prevent consumers from seeing underlying data they should not access
• The query optimizer operates differently on secure views to prevent data exposure
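An added example (not from the original page or from Snowflake's own material) that ties the provider steps to the secure-view point above: the base table stays in a schema that is never granted to the share, and a secure view limits each consumer to its entitled rows and hides a sensitive column. All object names and the account locator XY12345 are constructed placeholders.

```sql
-- Provider side. Names and the locator XY12345 are hypothetical.
USE ROLE ACCOUNTADMIN;

CREATE DATABASE IF NOT EXISTS sales_db;
CREATE SCHEMA IF NOT EXISTS sales_db.private;  -- base data, never granted to the share
CREATE SCHEMA IF NOT EXISTS sales_db.shared;   -- holds only the secure view

CREATE TABLE IF NOT EXISTS sales_db.private.orders (
    order_id NUMBER, region VARCHAR, customer_email VARCHAR, amount NUMBER(12,2)
);

-- Entitlements: which consumer account may read which region.
CREATE TABLE IF NOT EXISTS sales_db.private.entitlements (
    consumer_account VARCHAR,  -- matched against CURRENT_ACCOUNT() at query time
    region           VARCHAR
);
INSERT INTO sales_db.private.entitlements VALUES ('XY12345', 'EMEA');

-- SECURE hides the view definition and keeps the optimizer from exposing
-- rows the filter excludes. customer_email is deliberately not selected.
CREATE OR REPLACE SECURE VIEW sales_db.shared.orders_v AS
SELECT o.order_id, o.region, o.amount
FROM sales_db.private.orders o
JOIN sales_db.private.entitlements e
  ON e.region = o.region
 AND e.consumer_account = CURRENT_ACCOUNT();

-- Share only the view: database usage, schema usage, then the object grant.
CREATE SHARE sales_share;
GRANT USAGE ON DATABASE sales_db TO SHARE sales_share;
GRANT USAGE ON SCHEMA sales_db.shared TO SHARE sales_share;
GRANT SELECT ON VIEW sales_db.shared.orders_v TO SHARE sales_share;

-- Check before exposing the share: run the view as the consumer would see it.
ALTER SESSION SET SIMULATED_DATA_SHARING_CONSUMER = 'XY12345';
SELECT region, COUNT(*) FROM sales_db.shared.orders_v GROUP BY region;  -- expect EMEA only
ALTER SESSION UNSET SIMULATED_DATA_SHARING_CONSUMER;

-- Audit: the share should list the database, one schema and one view, no tables.
SHOW GRANTS TO SHARE sales_share;

-- Last step: add the consumer account.
ALTER SHARE sales_share ADD ACCOUNTS = XY12345;
```

Adding the account last means nothing is visible to the consumer until the grants have been reviewed with SHOW GRANTS TO SHARE.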
Exam Tips: Answering Questions on Secure Data Sharing
Tip 1: Remember that shared data does not get copied - consumers query the provider's data in place. This is a fundamental concept that appears frequently.
Tip 2: Know the roles involved - ACCOUNTADMIN is typically required for sharing operations, though specific privileges can be granted to other roles.
Tip 3: Understand that consumers only pay for compute (query processing), not storage, when accessing shared data.
Tip 4: Be clear on regional constraints - sharing across regions requires Data Exchange or Snowflake Marketplace, or enabling replication.
Tip 5: Secure views and secure UDFs are essential when you need to share a subset of data while protecting sensitive information or hiding business logic.
Tip 6: Remember the share creation order: create share, grant database usage, grant schema usage, grant object privileges, then add consumer accounts.
Tip 7: Data consumers cannot modify shared data or grant access to others - the data remains under provider control.
Tip 8: For questions about Reader Accounts, remember these are special accounts created by providers for consumers who do not have their own Snowflake account. The provider pays for both storage and compute for Reader Accounts.