Start a new dashboard by clicking the blue **+ Dashboard** button at the top-right of the screen, and name it "Security Dashboard Quickstart." You may see that there is no warehouse selected for the dashboard (depending on how you arrived here). Set your role context to the role you created earlier: Next, log in to the Snowflake UI, Snowsight, and navigate to the "Dashboards" section on the left menu: It also means you can give people access to this information by granting them access to the SENTRY role or an equivalent role with access to the equivalent resources. This ensures you have the proper resources to run the SQL that you will be writing.
Each time you want to use these dashboards, set your context, like so: use role SENTRY Now we have a role named SENTRY that has access to the proper resources. Grant usage on warehouse SENTRY to role SENTRY Grant imported privileges on database snowflake to role SENTRY Ĭreate or replace warehouse SENTRY with warehouse_size='SMALL' You can do this in whatever UI or tool you want. We will create a special role, grant it rights, and then grant that role to the user that you are using for this lab. The majority of what you should need to know is in the documentation here:įirst, prepare by setting up some background items. So, we will step through creating the first tile in detail, and assume you will know what to do for the rest.
ILIKE ANY SNOWFLAKE HOW TO
How to create these tiles is not the point of this lab, but if you don't know the basics, you will likely get lost. Throughout this lab we will be creating dashboard tiles ( i.e. A set of Security dashboards for Snowflake.The items the Security Field CTO team thinks are the right starting point for understanding the security posture of your Snowflake Account(s).How to use SQL to explore Snowflake's security auditing and configuration metadata.Accountadmin role for the Snowflake account where you will work.Familiarity with Snowflake's Snowsight tile creation and management.Configuration drift: Deviations from baseline normal to network policies, security integrations, replication, and failback-enabled Snowflake Accounts.Users: Most dangerous user, disabled users not yet dropped, and users with stale passwords.Roles: RBAC maturity ratings, AccountAdmin usage monitoring, least-used roles for users.Authentication patterns: Failed login attempts organized by user and reason, and account-wide visibility of the authentication types in use.These dashboards are for any Snowflake customer who wants to gain a deeper understanding of their Snowflake account. You will build a replica of that MVP during this Quickstart lab. We created a set of sample tiles contained in a single dashboard to act as an MVP for monitoring security items in Snowflake. In 2021, we started a project (code named "Snow Sentry") that aimed to take much of that advice and put it into code. We've tried many ways to deliver the answer to this question, from checklists and tutorials to documents and slides. Most of them have a simple request: "Tell us how to do security well for Snowflake, please." It's a reasonable thing to ask. The Security Field CTO team at Snowflake has talked with thousands of Snowflake customers over the years.
0 kommentar(er)
