Snowflake is a cloud-based data warehouse company that provides thorough ANSI SQL support for day-to-day operations. It is cloud-agnostic, with boundless, unified scalability across AWS (Amazon Web Services) and Microsoft Azure.
Snowflake was founded by ex-employees of Oracle, Microsoft & Vectorwise, and offers an accessible data warehouse as a service built on cloud storage.
Their selling point is the separation of database disk capacity from CPU performance, and they offer this at an economical cost.
Snowflake is a data warehouse company that was established in 2012. It raised about 1.4 billion dollars in venture capital before launching publicly. The company is located in San Mateo (California). After two years in stealth mode, it was publicly launched in 2014.
Snowflake provides a cloud-based data storage and analytics service, generally known as "data warehouse as a service". It allows corporate users to store and analyze data using cloud-based hardware and software. Snowflake has run on Amazon since 2014, on Microsoft Azure since 2018, and on Google's cloud service since 2019. Snowflake's Data Exchange lets customers exchange and share data securely.
Some key features of Snowflake are listed below:
- Data Protection & Security
The Snowflake data warehouse provides enhanced authentication through multi-factor authentication (MFA). It also provides central authentication and SSO (single sign-on), and OAuth (Open Authorization). TLS secures all communication between the client and the server.
- Extended and Excellent Support of SQL
Snowflake supports most SQL DDL and DML statements. It also supports advanced DML, lateral views, transactions, and stored procedures.
Snowflake supports a wide range of clients, drivers, and connectors, such as the Python connector, the .NET driver, the Spark connector, and Node.js.
- Data Sharing
It also allows you to share your data securely with other Snowflake accounts.
The Snowflake design combines the "shared-nothing" and the traditional "shared-disk" designs to offer the best of both. We look at these designs and at how the Snowflake data warehouse merges them into a new hybrid system.
Shared Disk Design
This design is used in traditional databases. A shared-disk design has only one storage layer, which all cluster nodes can reach. Several cluster nodes, each with CPU and memory but no disk storage of its own, communicate with the central storage layer to fetch the data and process it.
Shared Nothing Design
This design is the opposite of the shared-disk design. A shared-nothing design has distributed cluster nodes, each with its own disk storage, memory, and CPU. The main benefit is that the data can be partitioned and stored across these nodes, since every cluster node has its own storage disk.
Snowflake Design (Hybrid Model)
Snowflake offers a high-level design. The Snowflake hybrid model has three main layers:
Storage Layer
Snowflake arranges data in many micro-partitions that are internally compressed and optimized. It also uses a tabular layout to store data. Cloud storage holds the data and operates as a shared disk, which keeps data management simple. Users therefore don't have to worry about distributing data across multiple nodes, as they would in the shared-nothing model.
Query Processing Layer
Snowflake uses virtual warehouses to execute queries and requests. Snowflake separates query processing from disk storage. Queries are executed in this layer using data from the storage layer.
Cloud Services Layer
All activities that are coordinated across Snowflake, such as security, authentication, metadata management of the loaded data and queries, and optimization, take place in this layer.
Access Control Structure
Snowflake's approach to access control combines aspects of both of the following models:
- DAC (Discretionary Access Control)
Every object has an owner, who can in turn grant access to that object.
- RBAC (Role-based Access Control)
Access rights are assigned to roles, which are in turn assigned to users.
The key concepts for understanding the access control system in Snowflake are listed below:
- Securable object
An entity to which access can be granted. Unless a grant allows it, access is denied.
- Role
An entity to which rights can be granted. Roles are in turn assigned to users. Moreover, roles can also be granted to other roles, creating a role hierarchy.
- Privilege
A well-defined level of access to an object. Many distinct rights can be used to control the granularity of access granted.
- User
A user identity recognized by the Snowflake system, which may be associated with a person or a program.
To control access to objects in the system, Snowflake uses roles. Roles are granted access rights on objects in the system (databases, tables, etc.). Roles are granted to users so that they can create, modify, and use the objects on which the roles have rights. Roles can also be granted to other users or roles to support hierarchical access rights.
The system-defined Snowflake roles are listed below.
- ACCOUNTADMIN (aka Account Administrator)
- SECURITYADMIN (aka Security Administrator)
- USERADMIN (aka User and Role Administrator)
- SYSADMIN (aka System Administrator)
- PUBLIC (automatically granted to every user and every role)
The SECURITYADMIN role, and any other role to which the CREATE ROLE right has been granted, can create custom roles (any roles other than the predefined roles). By default, a newly created role is not assigned to any user and is not granted to any other role.
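The role model described above, as an added example in Snowflake SQL (not from the original article): a custom read-only role is created, given rights on objects, placed in the role hierarchy and assigned to a user. The names `analyst_ro`, `reporting_wh`, `sales_db` and `jdoe` are hypothetical.

```sql
-- Added example; role, warehouse, database and user names are hypothetical.
-- SECURITYADMIN can create roles and manage grants on objects.
USE ROLE SECURITYADMIN;

-- A new custom role starts with no users and no parent role.
CREATE ROLE IF NOT EXISTS analyst_ro
  COMMENT = 'Read-only access to sales_db.public';

-- RBAC: rights are granted to the role, which is then assigned to users.
-- USAGE on the warehouse, database and schema is needed before SELECT works.
GRANT USAGE ON WAREHOUSE reporting_wh TO ROLE analyst_ro;
GRANT USAGE ON DATABASE sales_db TO ROLE analyst_ro;
GRANT USAGE ON SCHEMA sales_db.public TO ROLE analyst_ro;
GRANT SELECT ON ALL TABLES IN SCHEMA sales_db.public TO ROLE analyst_ro;

-- Cover tables created later, so the role does not drift out of date
-- and nobody is tempted to hand out a broader role instead.
GRANT SELECT ON FUTURE TABLES IN SCHEMA sales_db.public TO ROLE analyst_ro;

-- Role hierarchy: SYSADMIN inherits everything analyst_ro can do.
GRANT ROLE analyst_ro TO ROLE SYSADMIN;

-- Assign the role to a user.
GRANT ROLE analyst_ro TO USER jdoe;

-- Review what the role can do, and which users and roles hold it.
SHOW GRANTS TO ROLE analyst_ro;
SHOW GRANTS OF ROLE analyst_ro;

-- DAC side of the model: list the owner and every grant on one object.
SHOW GRANTS ON SCHEMA sales_db.public;
```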
Security in Snowflake
Snowflake offers industry-leading features that ensure the highest levels of security for your account and users, as well as for all the data you store in Snowflake.
The following points give a high-level summary of the features:
- In Snowflake, site access is controlled through IP allow lists and block lists, managed through network policies.
- SCIM is used to manage user identities and user groups.
- Security is enhanced by key pair authentication and key pair rotation for user authentication.
- The security system allows controlled access to all objects in the account (warehouses, databases, users, tables) through a hybrid model of role-based access control (RBAC) and discretionary access control (DAC).
- In Snowflake, all data is encrypted automatically using AES-256 strong encryption.
- Snowflake's security system supports customer-managed keys to encrypt data.
- Snowflake's security system supports masking column data in tables and views through Column-level Security.
- SOC 1 Type II and SOC 2 Type II compliance.
- HITRUST CSF compliance.
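Three of the features listed above (network policies, key pair rotation and Column-level Security), as an added Snowflake SQL example that is not from the original article. The names `corp_only`, `svc_loader`, `email_mask`, `SUPPORT_FULL` and `sales_db.public.customers`, the IP range and the key value are placeholders.

```sql
-- Added example; all names, addresses and key values are placeholders.
USE ROLE SECURITYADMIN;

-- 1. Network policy: allow one range, block a single address inside it.
--    The block list takes precedence over the allow list.
CREATE NETWORK POLICY corp_only
  ALLOWED_IP_LIST = ('192.0.2.0/24')
  BLOCKED_IP_LIST = ('192.0.2.99')
  COMMENT = 'Only the corporate egress range may connect';

-- Attach it to one service user first; an account-wide policy
-- (ALTER ACCOUNT SET NETWORK_POLICY = ...) affects every login.
ALTER USER svc_loader SET NETWORK_POLICY = corp_only;

-- 2. Key pair rotation: register the new public key in the second slot,
--    move clients to the new private key, then retire the old key.
ALTER USER svc_loader SET RSA_PUBLIC_KEY_2 = '<NEW_PUBLIC_KEY_BASE64>';
-- ... after every client authenticates with the new key:
ALTER USER svc_loader UNSET RSA_PUBLIC_KEY;
-- The key fingerprints in the output show which keys are still active.
DESC USER svc_loader;

-- 3. Column-level Security: mask a column for every role except one.
--    Run this part with a role that holds CREATE MASKING POLICY on the
--    schema and may apply the policy to the table.
CREATE MASKING POLICY sales_db.public.email_mask
  AS (val STRING) RETURNS STRING ->
  CASE
    WHEN CURRENT_ROLE() IN ('SUPPORT_FULL') THEN val
    ELSE '***MASKED***'
  END;

ALTER TABLE sales_db.public.customers
  MODIFY COLUMN email
  SET MASKING POLICY sales_db.public.email_mask;
```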
Thank you for reading!