
Table of Contents

  1. Is Access Control even important?
  2. Types of Access Control in Snowflake
  3. Why RBAC is so popular and how it becomes hard to manage
  4. What is ABAC?
  5. Implementations
  6. Limitations
  7. Why not both?

Rough notes

  1. Access Control

    • Why is it important
    • Data privacy
    • Human error
    • Preventative step
  2. Snowflake Access Control

    • DAC
    • RBAC
    • Explain the difference between two and how they work (pros and cons)
  3. RBAC

    • Why is it popular
    • Simpler to implement
    • Easy to understand
    • Hard to manage at scale
  4. ABAC

    • What is it?
    • How does it compare to RBAC (with examples)
    • Native Snowflake support, why not?
  5. ABAC implementation

    • Random stuff
    • Terraform requirement
    • Managing and growing
  6. Limitations of ABAC

    • RBAC is simpler for admin tasks
    • Only works with AD provisioner role created users
    • Another workflow to manage service accounts
  7. RBAC and ABAC - Hybrid era

    • Why can they both work together
    • Separation of concerns
    • Managing two different configs

What is RBAC

R - Role, B - Based, A - Access, C - Control

It's a way to delegate privileges to an actor, who can then perform specific actions on specific objects based on the privileges assigned to the role.

Kevin should only have access to Finance data. Toby should only have access to HR data. Kelly can have access to both operations data and customer data, including PII, to perform her duties. The Sales team can have access to xyz.

Branch Managers can only see aggregates. The Assistant to the Branch Manager can see the aggregate sales numbers but not the raw numbers (the no. 2 person doesn't need to know everything).
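
The Finance, HR and aggregates-only cases above could be expressed as Snowflake roles and grants as follows. This is an added example, not part of the original notes; the database, schema, table, column, view and user names are hypothetical, and it assumes SYSADMIN owns the `corp` database and its schemas.

```sql
-- Added example: every object and user name below is a hypothetical placeholder.
-- Assumes SYSADMIN owns database CORP and its FINANCE, HR and SALES schemas.
USE ROLE SYSADMIN;

-- Aggregates only: a view runs with its owner's rights, so readers of the
-- view need no privilege on the raw table underneath it.
CREATE SECURE VIEW IF NOT EXISTS corp.sales.branch_sales_summary AS
SELECT branch_id,
       DATE_TRUNC('month', sold_at) AS sales_month,
       SUM(amount)                  AS total_sales
FROM corp.sales.raw_sales
GROUP BY branch_id, DATE_TRUNC('month', sold_at);

USE ROLE SECURITYADMIN;

CREATE ROLE IF NOT EXISTS finance_reader;
CREATE ROLE IF NOT EXISTS hr_reader;
CREATE ROLE IF NOT EXISTS sales_aggregate_reader;

-- SELECT is only usable once the role also holds USAGE on the parent
-- database and schema.
GRANT USAGE ON DATABASE corp TO ROLE finance_reader;
GRANT USAGE ON SCHEMA corp.finance TO ROLE finance_reader;
GRANT SELECT ON ALL TABLES IN SCHEMA corp.finance TO ROLE finance_reader;
GRANT SELECT ON FUTURE TABLES IN SCHEMA corp.finance TO ROLE finance_reader;

GRANT USAGE ON DATABASE corp TO ROLE hr_reader;
GRANT USAGE ON SCHEMA corp.hr TO ROLE hr_reader;
GRANT SELECT ON ALL TABLES IN SCHEMA corp.hr TO ROLE hr_reader;
GRANT SELECT ON FUTURE TABLES IN SCHEMA corp.hr TO ROLE hr_reader;

-- No grant on corp.sales.raw_sales: this role can read the summary view
-- and nothing else in the schema.
GRANT USAGE ON DATABASE corp TO ROLE sales_aggregate_reader;
GRANT USAGE ON SCHEMA corp.sales TO ROLE sales_aggregate_reader;
GRANT SELECT ON VIEW corp.sales.branch_sales_summary TO ROLE sales_aggregate_reader;

-- Users receive access only through role membership, never by direct grants.
GRANT ROLE finance_reader TO USER kevin;
GRANT ROLE hr_reader TO USER toby;

-- Review what each role and user actually ended up with.
SHOW GRANTS TO ROLE sales_aggregate_reader;
SHOW GRANTS TO USER kevin;
```

Each new department or exception in this model means another role and another block of grants, which is where the "hard to manage at scale" point in the outline comes from.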