Implement role-based access control, authentication, encryption, and compliance features in Snowflake (18% of exam).
This domain covers implementing role-based access control (RBAC), configuring authentication methods including MFA and SSO, managing network policies, understanding data encryption at rest and in transit, monitoring and auditing user activities, and ensuring compliance with security standards. These skills are essential for securing Snowflake deployments.
Account Access and Security in Snowflake encompasses the comprehensive framework for managing user authentication, authorization, and protecting sensitive data within the platform. This is a critical domain for the SnowPro Core Certification exam.
**Authentication Methods:**
Snowflake supports multiple authentication approaches including username/password, Multi-Factor Authentication (MFA), Single Sign-On (SSO) via SAML 2.0, OAuth, and key-pair authentication. MFA adds an extra security layer by requiring users to verify their identity through a secondary device or application.
**Role-Based Access Control (RBAC):**
Snowflake implements a hierarchical role system where privileges are granted to roles, and roles are assigned to users. System-defined roles include ACCOUNTADMIN, SECURITYADMIN, SYSADMIN, USERADMIN, and PUBLIC. Custom roles can be created to meet specific organizational needs. In the role hierarchy, privileges flow from lower-level roles to higher-level roles: a role inherits the privileges of every role granted to it.
**Network Policies:**
Administrators can configure network policies to restrict access based on IP addresses. This allows organizations to whitelist or blacklist specific IP ranges, ensuring connections only originate from trusted networks.
**Object-Level Security:**
Privileges can be granted on various database objects including databases, schemas, tables, views, and warehouses. The principle of least privilege should be applied, granting users only the minimum access required for their tasks.
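The role hierarchy and least-privilege grants described above, as an added example that is not part of the original page. The database, schema, warehouse, role, and user names (ANALYTICS_DB, REPORTING, REPORTING_WH, REPORTING_READ, REPORTING_WRITE, JSMITH) are hypothetical and assumed to exist where the script references them.

```sql
-- All object, role, and user names below are constructed for illustration.

-- 1. Create custom roles with USERADMIN, the system role intended for
--    user and role management.
USE ROLE USERADMIN;
CREATE ROLE IF NOT EXISTS REPORTING_READ;
CREATE ROLE IF NOT EXISTS REPORTING_WRITE;

-- 2. Build the hierarchy with SECURITYADMIN (holds MANAGE GRANTS).
--    REPORTING_WRITE inherits everything REPORTING_READ can do, and
--    SYSADMIN inherits both, so custom roles roll up to a system role.
USE ROLE SECURITYADMIN;
GRANT ROLE REPORTING_READ  TO ROLE REPORTING_WRITE;
GRANT ROLE REPORTING_WRITE TO ROLE SYSADMIN;

-- 3. Least privilege on objects: the read role gets only what a query needs,
--    which is USAGE on the warehouse, database, and schema plus SELECT on tables.
GRANT USAGE  ON WAREHOUSE REPORTING_WH           TO ROLE REPORTING_READ;
GRANT USAGE  ON DATABASE  ANALYTICS_DB           TO ROLE REPORTING_READ;
GRANT USAGE  ON SCHEMA    ANALYTICS_DB.REPORTING TO ROLE REPORTING_READ;
GRANT SELECT ON ALL TABLES    IN SCHEMA ANALYTICS_DB.REPORTING TO ROLE REPORTING_READ;
GRANT SELECT ON FUTURE TABLES IN SCHEMA ANALYTICS_DB.REPORTING TO ROLE REPORTING_READ;

-- 4. The write role adds only the DML privileges; read access is inherited.
GRANT INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA ANALYTICS_DB.REPORTING
  TO ROLE REPORTING_WRITE;

-- 5. Assign the narrowest role that covers the user's task.
GRANT ROLE REPORTING_READ TO USER JSMITH;

-- 6. Verify the result.
SHOW GRANTS TO ROLE REPORTING_READ;   -- privileges and roles granted to the role
SHOW GRANTS OF ROLE REPORTING_READ;   -- users and roles that hold the role
SHOW GRANTS TO USER JSMITH;           -- roles granted directly to the user

-- 7. Review who currently holds the most powerful system roles.
--    Needs a role with access to the SNOWFLAKE database (ACCOUNTADMIN by default).
SELECT grantee_name, role, granted_by, created_on
FROM SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_USERS
WHERE role IN ('ACCOUNTADMIN', 'SECURITYADMIN')
  AND deleted_on IS NULL
ORDER BY role, grantee_name;
```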
**Data Protection:**
Snowflake provides encryption for data at rest and in transit using AES-256 encryption. Tri-Secret Secure allows customers to maintain control over encryption keys. Dynamic Data Masking and Row Access Policies enable column-level and row-level security respectively.
**Session Management:**
Session policies control timeout settings and concurrent session limits. Administrators can monitor active sessions and terminate suspicious connections when necessary.
**Auditing and Monitoring:**
The ACCOUNT_USAGE schema provides historical data about login attempts, query history, and access patterns, enabling security teams to detect anomalies and maintain compliance with regulatory requirements.