Protecto’s integration with various data sources allow organizations to automate privacy workflows, streamline privacy assessments, and maintain an accurate inventory of personal data across the organization.
Let us walk you through how you can connect your Snowflake datastore with Protecto.
Execute the below commands in Snowflake to create a warehouse. Then create a role and create a user that is assigned the above role. Finally grant the role to use the warehouse that has been created. Make sure to use a role with sufficient privileges (preferably as ACCOUNTADMIN) for these tasks:
Reference queries:
CREATE ROLE "PROTECTO_ROLE";
CREATE WAREHOUSE PROTECTO_WH WITH WAREHOUSE_SIZE = 'MEDIUM' WAREHOUSE_TYPE = 'STANDARD' AUTO_SUSPEND = 900 AUTO_RESUME = TRUE MIN_CLUSTER_COUNT = 1 MAX_CLUSTER_COUNT = 2 SCALING_POLICY = 'STANDARD';
GRANT USAGE ON WAREHOUSE "PROTECTO_WH" TO ROLE "PROTECTO_ROLE";
CREATE USER "PROTECTO_USER"
MUST_CHANGE_PASSWORD = FALSE
DEFAULT_ROLE = "PROTECTO_ROLE"
PASSWORD = "<password>".
GRANT ROLE "PROTECTO_ROLE" TO USER "PROTECTO_USER";
Next, we will explore how to grant "SELECT" and "USAGE" privilege for all databases, schemas and tables for the "PROTECTO_ADMIN" role. We will also grant 'imported privileges' on database snowflake to read logs from the snowflake history.
Reference queries
GRANT USAGE ON DATABASE "<database_name>" TO ROLE "PROTECTO_ADMIN";
GRANT USAGE ON FUTURE SCHEMAS IN DATABASE "<database_name>" TO ROLE "PROTECTO_ADMIN";
GRANT USAGE ON ALL SCHEMAS IN DATABASE "<database_name>" TO ROLE "PROTECTO_ADMIN";
GRANT SELECT ON FUTURE TABLES IN DATABASE "<database_name>" TO ROLE "PROTECTO_ADMIN";
GRANT SELECT ON ALL TABLES IN DATABASE "<database_name>" TO ROLE "PROTECTO_ADMIN";
Note: The above commands should be executed on all the databases created in the future on which Protecto should perform analysis.
Grant "IMPORTED PRIVILEGES" on database snowflake to "PROTECTO_ADMIN";
Once all the above steps are done, Protecto will start analyzing your Snowflake datastore and provide insights into privacy and security risks in a few hours.
We take privacy seriously. While we promise not to sell your personal data, we may send product and company updates periodically. You can opt-out or make changes to our communication updates at any time.