Snowflake Data Sharing Capabilities

Data drives business in the modern economy; the faster businesses can get to data and provide meaningful insights, the more they can enable informed decision-making. Snowflake has come a long way in this space in recent years, and the progress is impressive. Snowflake is also being increasingly adopted by several firms, as it is well known for its large dataset processing and computing power. It provides scalability, affordability, security, ease of use, customization, and easy data integration. In addition, Snowflake provides a host of specialized services, like Snowflake Arctic, Snowflake for Big Data, Snowflake Data Sharing, and Snow Pipe, as required depending on the use case. They bring a powerful weapon to the table for all enterprises striving to cash in on strategic data utilization.

In this paper, I will explore how data sharing works in Snowflake. Data sharing is the process of making data available to multiple users, applications, or organizations while maintaining its quality. Organizations often need to share data with customers, suppliers, and partners, but they face significant challenges such as poor governance, outdated solutions, manual data transfers, and being tied to specific vendors. To become truly data-driven, organizations need an improved method for sharing data. Snowflake offers a modern solution to these challenges, enabling seamless and secure data sharing.

Data Sharing

When using Snowflake as your data warehouse, you can share selected data objects with another Snowflake account holder or even with someone who doesn't have a Snowflake account (through a Reader Account). One major advantage of data sharing in Snowflake is that the data isn't copied or transferred between accounts. Instead, any updates made to the provider account are immediately available to the consumer.

Provider

The provider, also referred to as the data provider or producer, is the user of a Snowflake account responsible for creating a share and making it available to other Snowflake account users for consumption. As the creator of the share, the provider holds the authority to determine which data and resources are shared and accessible to other users within the Snowflake ecosystem.

Consumer

A data consumer refers to any account that opts to establish a database using a share provided by a data provider. As a data consumer, upon integrating a shared database into your account, you gain access to and can query the contents of the database in the same manner as any other database within your account.

There are different methods for sharing data in Snowflake. You can either restrict access based on specific permissions, ensuring only authorized users can view certain objects, or you can make the data available for all intended users to read. This flexibility allows for secure and efficient data collaboration.

Direct Share

Direct Share is the simplest method for consumers to access data shared by a provider when the provider and consumer are in the same region. This approach requires the data provider to have access to the account IDs of the consumer accounts. Once set up, consumers can easily view and use the shared data objects.

Consumers With Snowflake Account

Consumers with a Snowflake account can be given access to data shared by a provider. The shared objects can only be accessed by these consumers. In this setup, the provider is charged for storage, while the consumer is charged for compute usage. When sharing and consuming data via Snowflake shares, it’s important to follow best practices. These include validating the data shares, auditing access to the shared data, and adding or removing objects from the shares as needed. This ensures secure and efficient data sharing.

A list of commands to be executed in Snowflake to share an object from the provider to the consumer.

CREATE DATABASE ROLE MYSHARE;
GRANT USAGE ON SCHEMA PUBLIC TO DATABASE ROLE MYSHARE;
GRANT SELECT ON VIEW VW_CUSTOMER  TO DATABASE ROLE MYSHARE;
SHOW GRANTS TO DATABASE ROLE MYSHARE;
CREATE OR REPLACE SHARE MY_TEST_SHARE;
GRANT USAGE ON DATABASE SAMPLE_DB TO SHARE MY_TEST_SHARE;
GRANT USAGE ON SCHEMA SAMPLE_DB.PUBLIC TO SHARE MY_TEST_SHARE;
GRANT SELECT ON TABLE SAMPLE_DB.PUBLIC.CUSTOMER_TEST TO SHARE MY_TEST_SHARE;
SHOW SHARES;
SHOW GRANTS TO SHARE MY_TEST_SHARE;
ALTER SHARE MY_TEST_SHARE ADD ACCOUNT= ACC12345;
------ TO SHARE ALL OBJECTS 
GRANT SELECT ON ALL TABLES IN SCHEMA SAMPLE_DB.PUBLIC TO SHARE MY_TEST_SHARE;
GRANT SELECT ON ALL TABLES IN DATABASE SAMPLE_DB  TO SHARE MY_TEST_SHARE;

Consumers With No Snowflake Account (Reader Account)

As a data provider, you might want to share data with a consumer who does not have a Snowflake account or is not ready to become a licensed Snowflake customer. Consumers without a Snowflake account cannot access shared data. To enable access, you can create a Reader Account and share it with the consumer. With Reader Accounts, sharing data is quick, simple, and affordable without having the user sign up for a Snowflake account. The provider account that generated each reader account is in charge of managing it. Both the processing and storage fees that the customer incurs will be covered by the provider.

CREATE MANAGED ACCOUNT READER_ACCT;
ADMIN_NAME='READER_ACCT';
ADMIN_PASSWORD='**********';
TYPE='READER';
SHOW MANAGED ACCOUNTS;
--Snowflake URL with Locator ( Share it with the Consumer)
ALTER SHARE SHARE_NAME ADD ACCTID=LOCATOR IN URL IN ABOVE LINE ;
SHARE_RESTRICATIONS=FALSE;
ALTER SHARE QCUFBZG.AXYZ5751.POC_SNOWFLAKE_SECURE_SHARE ADD ACCOUNT=XYZ11993;
SHARE_RESTRICTIONS=FALSE;

When sharing data with a consumer, the consumer can see all the information, and the provider cannot hide any data. It's suggested that you share data using secure views. This way, only the attributes meant for the consumer are visible, and access to other data is restricted. Views should be labeled as secure if they're meant to ensure data privacy.

Listing

Listing is a more advanced way of securely sharing data and operates on the same producer and consumer model as Direct Share. However, it differs in that it's not restricted to the same region; data can be accessed by Snowflake accounts in different regions. Data can be shared with specific accounts or published in the Snowflake Marketplace. Listings come in two types: Private and Public.

• Private: Private listings are exclusively accessible to specific consumers. They allow you to utilize listing features to directly share data and other information with other Snowflake accounts in any Snowflake region.
• Public: Data products can be shared in Snowflake Marketplace publicly. By offering listings on the Snowflake Marketplace, you can promote your data product across the Snowflake Data Cloud. This allows you to share curated data offerings with multiple consumers at once, instead of managing sharing arrangements with each consumer individually.

Conclusion

Snowflake's data-sharing capabilities provide a modern solution for organizations looking to share data securely and efficiently. By leveraging the features mentioned, businesses can overcome traditional data-sharing challenges and unlock the full potential of their data. Determine the best approach in sharing your data with consumers or accessing the data from providers based on the use case. For more detailed instructions and best practices on implementing data sharing, refer to the official Snowflake documentation.