Snowflake Accounts, Databases and Schemas: Best Practices

To Nha Notes | Nov. 1, 2022, 3:46 p.m.

The diagram below shows the most straightforward solution in terms of data management.  In this case, the entire system is deployed to a single account, and Role-Based Access Control (RBAC) used to maintain separation.

The main drawback is the potential to accidentally grant access to a production schema to a non-production role.  However, this risk can be eliminated by scripting grants and using a strong naming convention between environments.  This could be used (for example) to generate the script to grant PROD_WORKING_READ role to PROD_DATA_ANALYST.  As the actual command is generated, it would automatically prevent granting the PROD access to a DEV role.

References

https://www.analytics.today/blog/snowflake-accounts-best-practice