Protecto’s integrations with various data sources allow organizations to automate privacy workflows, streamline privacy assessments, and maintain an accurate inventory of personal data across the organization.
Let us walk you through how you can connect your Snowflake datastore with Protecto.
Create and grant access to Protecto
I. Creating Protecto user and role
Execute the commands below in Snowflake to create a warehouse, create a role, and create a user that is assigned that role. Finally, grant the role usage of the warehouse. Make sure to use a role with sufficient privileges (preferably ACCOUNTADMIN) for these tasks:
- Create a role "PROTECTO_ROLE" in Snowflake.
- Create a warehouse "PROTECTO_WH".
- Create a user "PROTECTO_USER" and assign it to the above role.
CREATE ROLE "PROTECTO_ROLE";
CREATE WAREHOUSE PROTECTO_WH WITH WAREHOUSE_SIZE = 'MEDIUM' WAREHOUSE_TYPE = 'STANDARD' AUTO_SUSPEND = 900 AUTO_RESUME = TRUE MIN_CLUSTER_COUNT = 1 MAX_CLUSTER_COUNT = 2 SCALING_POLICY = 'STANDARD';
GRANT USAGE ON WAREHOUSE "PROTECTO_WH" TO ROLE "PROTECTO_ROLE";
CREATE USER "PROTECTO_USER"
MUST_CHANGE_PASSWORD = FALSE
DEFAULT_ROLE = "PROTECTO_ROLE"
PASSWORD = '<password>';
GRANT ROLE "PROTECTO_ROLE" TO USER "PROTECTO_USER";
II. Granting required access in Snowflake
Next, grant the "SELECT" and "USAGE" privileges on all databases, schemas and tables to the "PROTECTO_ROLE" role created above. Also grant imported privileges on the SNOWFLAKE database so that Protecto can read logs from the Snowflake history.
GRANT USAGE ON DATABASE "<database_name>" TO ROLE "PROTECTO_ROLE";
GRANT USAGE ON FUTURE SCHEMAS IN DATABASE "<database_name>" TO ROLE "PROTECTO_ROLE";
GRANT USAGE ON ALL SCHEMAS IN DATABASE "<database_name>" TO ROLE "PROTECTO_ROLE";
GRANT SELECT ON FUTURE TABLES IN DATABASE "<database_name>" TO ROLE "PROTECTO_ROLE";
GRANT SELECT ON ALL TABLES IN DATABASE "<database_name>" TO ROLE "PROTECTO_ROLE";
Note: Run the above commands for every database that Protecto should analyze, including databases created in the future.
GRANT IMPORTED PRIVILEGES ON DATABASE SNOWFLAKE TO ROLE "PROTECTO_ROLE";
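To confirm that the account Protecto connects with ended up read-only, the grants can be audited once the statements above have run. This is an added example, not part of Protecto's documentation; it assumes the role and user names from section I and the same <database_name> placeholder, and uses Snowflake's SHOW GRANTS commands with RESULT_SCAN.

```sql
-- Added audit example. Run each SHOW and the SELECT that follows it back to back
-- in the same session, because LAST_QUERY_ID() refers to the statement just executed.
-- Use a role that is allowed to see these grants (for example ACCOUNTADMIN).

-- 1. Privileges held by the role Protecto connects with.
--    Any row returned is outside the read-only set this guide grants:
--    either a privilege other than USAGE / SELECT / IMPORTED PRIVILEGES,
--    or USAGE on another ROLE, which means PROTECTO_ROLE inherits that role.
SHOW GRANTS TO ROLE "PROTECTO_ROLE";
SELECT "privilege", "granted_on", "name", "granted_by"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE "privilege" NOT IN ('USAGE', 'SELECT', 'IMPORTED PRIVILEGES')
   OR "granted_on" = 'ROLE'
ORDER BY "granted_on", "name";

-- 2. Roles granted directly to the service user.
--    Any row returned is a role other than the one created for Protecto.
SHOW GRANTS TO USER "PROTECTO_USER";
SELECT "role", "granted_by"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE "role" <> 'PROTECTO_ROLE';

-- 3. Future grants in a database that Protecto analyzes.
--    Any row returned is a future grant to PROTECTO_ROLE other than
--    USAGE (future schemas) or SELECT (future tables).
SHOW FUTURE GRANTS IN DATABASE "<database_name>";
SELECT "privilege", "grant_on", "name"
FROM TABLE(RESULT_SCAN(LAST_QUERY_ID()))
WHERE "grantee_name" = 'PROTECTO_ROLE'
  AND "privilege" NOT IN ('USAGE', 'SELECT')
ORDER BY "grant_on";
```

Repeat step 3 for each database that was granted to the role.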
Adding Snowflake to Protecto
- Sign in to your Protecto account with the credentials shared with you.
- Once you are on the dashboard, on the left-hand panel, navigate to ‘Customize’ -> ‘Datasource’.
- Click the ‘Add Datasource’ button and add the required details:
- Datasource Name: Identifier for the data source (Any name of your choice).
- Warehouse Name: Enter the warehouse created earlier (e.g., PROTECTO_WH).
- Account Name: Enter the account URL or account locator URL excluding the suffix (snowflakecomputing.com) (e.g., nq1234.west-us-2.azure).
- Role: Enter the role created earlier (e.g., PROTECTO_ROLE).
- Username: Enter the username created earlier (e.g., PROTECTO_USER).
- Password: Enter the password for the user.
Once all the above steps are done, Protecto will start analyzing your Snowflake datastore and provide insights into privacy and security risks in a few hours.