Data Governance in Snowflake

Soumak Das
5 min readSep 14, 2023

Data Governance Management in Snowsight — Now Generally Available

With this release 7.32, snowflake announced the general availability of the Data Governance interface within Snowsight. The Governance interface encompasses a Dashboard tab for monitoring the utilization of the most frequently employed masking policies, row access policies, and tags in relation to their application on tables and columns. Furthermore, the Governance interface incorporates a Tagged Objects tab, facilitating reporting on the Dashboard data, along with the option to manually document the utilization of tags and policies on tables and columns.

Upon selecting an element within the Dashboard, automatic updates to the Tagged Objects tab filters are initiated by Snowsight. Additionally, when a row is selected within the Tagged Objects tab, Snowsight seamlessly redirects you to the respective object or column within the Data » Databases interface. This enables efficient management of policy and tag assignments as necessary.

Managing data governance in Snowflake involves creating and assigning tags to Snowflake objects. Here’s an overview of the process:

  1. Creating Tags: Tags are created using the “CREATE TAG” statement. This statement defines a tag that can be applied to various Snowflake objects.
  2. Assigning Tags: Tags can be assigned to Snowflake objects using either Snowsight or an “ALTER <object>” command. New objects can also be tagged during their creation with the “CREATE <object>” command.

Note: Not all objects support tagging with the “ALTER <object>” command. The Supported Objects section provides details on which objects support this method.

  1. Monitoring Tag Usage: After tags are assigned, their usage can be monitored through SQL queries or Snowsight. This allows you to track how tags are being utilized within your Snowflake environment.

For streamlined management, a centralized approach is recommended, where a custom role named “tag_admin” is created. This role should be granted both “CREATE TAG” and global “APPLY TAG” privileges. This custom role is responsible for creating and assigning tags to Snowflake objects.

It’s important to note that in the provided example, the ACCOUNTADMIN system role is used. In a production environment, you may consider creating a custom role with the necessary privileges to qualify the “tag_admin” role.

--

--

Soumak Das

Sr. Data Engineer @EY & Snowflake/Airflow/Databricks/AWS writer