Opal Security’s first-party Snowflake integration empowers Security, Infrastructure, and IT teams to easily manage access to Snowflake Roles and resources such as Databases, Schemas, and Tables.
As enterprises expand their data footprint in the cloud, securing access to sensitive, business-critical information in processing, warehousing, and analytics platforms like Snowflake becomes more important than ever. Snowflake’s powerful and flexible Access Controls Framework allows administrators to set granular permission scopes with a high degree of customizability. However, at scale, this also means administrators must be equipped to manage complex access patterns that come with elaborate organizational policies. To enforce least privilege access to these systems and maintain regulatory compliance, Security, Infrastructure, and IT teams are often tasked to understand: who has access to a Snowflake Database? Which users have implicit access to a Snowflake Role? Which users have access to what Databases, Schemas, and Tables, and how long have they had access for? These teams not only have to be able to quickly gain context and certify access, but they also have to be able to proactively rightsize permissions and delegate approval flows while adapting to business needs and employee lifecycle changes.
Opal built this integration to help customers answer key access questions and implement least privilege in their Snowflake environments. With this integration, teams can:
Customer Snowflake Table, and specifically, that Tommy Boyer has the ability to execute SELECT queries on the table by virtue of having access to the Parent Snowflake Role.
Sales Snowflake Role. The admin can quickly remove Marty’s access or separately navigate to the Events section to understand how and why Marty was granted access to the role.
Sales Snowflake Role, an admin can see both the list of users with access to the Snowflake Role, as well as the Database, Schema, and Table resources the Snowflake Role grants access to.
Customer Snowflake Table to perform an investigation. Sonie can use Opal to request 1-hour access to the Sales Snowflake Role, and once their request is approved by the Sales Team Manager, Sonie will have the necessary access. After an hour, Sonie’s access will automatically expire unless extended.
The Opal ↔︎ Snowflake integration is available in Beta for all Opal Security customers. Interested customers can contact their Technical Account Manager to enable this feature.
Opal Security is redefining identity security for modern enterprises. The unified platform aggregates identity and access data to provide customers with visibility and rapid control to protect mission-critical systems while accommodating the complexity and agility businesses require for growth. IT and security teams can discover anomalous identity risks and remediate them in minutes. Many global leaders, including Databricks, Figma and Scale AI, trust Opal Security to enable them to govern and adapt sensitive access quickly and securely.