D1.5 - OUTLINE DATA GOVERNANCE CAPABILITES IN SNOWFLAKE

Question 1

Data Masking

Answer 1

A column-level security feature that uses masking policies to selectively mask plain-text data in table and view columns at query time

Question 2

Dynamic Data Masking Features

Answer 2

• Snowflake supports masking policies as a schema-level object to protect sensitive data from unauthorized access while allowing authorized users to access sensitive data at query runtime
• This means that sensitive data in Snowflake is not modified in an existing table. Rather, when users execute a query in which a masking policy applies, the masking policy conditions determine whether unauthorized users see masked, partially masked, obfuscated, or tokenized data
• Masking policies as a schema-level object also provide flexibility in choosing a centralized, decentralized, or hybrid management approach

Question 3

Account Usage Views

Answer 3

ACCOUNT_USAGE schema contains views that display object metadata and usage metrics for YOUR account. It is generally similar to the information schema

Question 4

External Tokenization

Answer 4

• External tokenization enables accounts to tokenize data before loading it into Snowflake and detokenize the data at query run time.
• Tokenization is the process of removing sensitive data by replacing it with an undecipherable token
• External tokenization makes use of masking policies with external functions

Question 5

Secure Views

Answer 5

• Secure views are only displayed to authorized users (i.e. users who have been granted the role that owns the view).
• if an unauthorized user uses any of the following commands or interfaces, the view definition is not displayed:
• SHOW VIEWS or SHOW MATERIALIZED VIEWS
• GET_DDL
• VIEWS information schema
• VIEWS account usage view
• View security can be integrated with Snowflake users and roles using CURRENT_ROLE and CURRENT_USER functions