Wednesday, March 27, 2019

Sharing Data Securely in Snowflake

Secure Data Sharing enables sharing selected objects (tables, secure views, and secure UDFs) in a database in your account with other Snowflake accounts. The principal participants in any data sharing relationship are the provider and one or more consumers. Snowflake enables the sharing of databases through shares, which are created by data providers and "imported" by data consumers. All database objects shared between accounts are read-only (i.e. the objects cannot be modified or deleted, including adding or modifying table data).
With Secure Data Sharing, no actual data is copied or transferred between accounts. All sharing is accomplished through Snowflake’s unique services layer and metadata store. This is an important concept because it means that shared data does not take up any storage in a consumer account and, therefore, does not contribute to the consumer’s monthly data storage charges. The only charges to consumers are for the compute resources (i.e. virtual warehouses) used to query the shared data.
In addition, because no data is copied or exchanged, Secure Data Sharing setup is quick and easy for providers and access to the shared data is instantaneous for consumers:
  • The provider creates a share of a database in their account and grants access to specific objects (i.e. tables, secure views, and secure UDFs) in the database. One or more accounts are then added to the share, which can include your own accounts (if you have multiple Snowflake accounts).
  • On the consumer side, a read-only database is created from the share. Access to this database is configurable using the same, standard role-based access control that Snowflake provides for all objects in the system.
Shares are named, first-class Snowflake objects that encapsulate all of the information required to share a database. Each share consists of:
  • The privileges that grant access to the database and the schema containing the objects to share.
  • The privileges that grant access to the specific objects (tables, secure views, and secure UDFs).
  • The consumer accounts with which the database and its objects are shared.
Once a database is created (in a consumer account) from a share, all the shared objects are accessible to users in the consumer account. Shares are secure, configurable, and controlled 100% by the provider account:
  • New objects added to a share become immediately available to all consumers, providing real-time access to shared data.
  • Access to a share (or any of the objects in a share) can be revoked at any time.
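As an added illustration of the provider and consumer steps above (not part of the original post or the Snowflake docs it links), the following Snowflake SQL builds a share that exposes only a secure view filtered per consumer account, then shows the consumer import and the provider-side revocation; the database, table, share, role and account names are assumptions.

```sql
-- PROVIDER ACCOUNT (sales_db.public.orders is assumed to exist; all names are illustrative)
USE ROLE ACCOUNTADMIN;

-- Mapping table: which rows each consumer account may see.
-- CURRENT_ACCOUNT() evaluated in the consumer's session returns that consumer's account.
CREATE TABLE sales_db.public.sharing_access (
  consumer_account STRING,
  region           STRING
);
INSERT INTO sales_db.public.sharing_access VALUES ('CONSUMER_A', 'EMEA'), ('CONSUMER_B', 'APAC');

-- A SECURE view hides its definition from consumers and blocks optimizations that
-- could expose rows outside the filter; plain views and base tables are not shared here.
CREATE SECURE VIEW sales_db.public.orders_shared AS
  SELECT o.order_id, o.region, o.amount
  FROM sales_db.public.orders o
  JOIN sales_db.public.sharing_access a
    ON a.region = o.region
  WHERE a.consumer_account = CURRENT_ACCOUNT();

-- The share carries three kinds of grants: database, schema, and the specific object.
CREATE SHARE orders_share;
GRANT USAGE  ON DATABASE sales_db                      TO SHARE orders_share;
GRANT USAGE  ON SCHEMA   sales_db.public               TO SHARE orders_share;
GRANT SELECT ON VIEW     sales_db.public.orders_shared TO SHARE orders_share;
-- The base table and the mapping table are deliberately NOT granted to the share.

-- Add consumer accounts; they get read-only access to the granted objects only.
ALTER SHARE orders_share ADD ACCOUNTS = CONSUMER_A, CONSUMER_B;
SHOW GRANTS TO SHARE orders_share;   -- verify exactly what is exposed before sharing

-- CONSUMER ACCOUNT (CONSUMER_A)
USE ROLE ACCOUNTADMIN;
SHOW SHARES;                         -- the inbound share is listed as PROVIDER_ACCT.ORDERS_SHARE
CREATE DATABASE orders_from_provider FROM SHARE PROVIDER_ACCT.orders_share;
-- A database created from a share is read-only; access is delegated with IMPORTED PRIVILEGES.
GRANT IMPORTED PRIVILEGES ON DATABASE orders_from_provider TO ROLE analyst;
SELECT region, SUM(amount) FROM orders_from_provider.public.orders_shared GROUP BY region; -- EMEA rows only

-- PROVIDER: revocation takes effect immediately for the affected consumers.
ALTER SHARE orders_share REMOVE ACCOUNTS = CONSUMER_B;
REVOKE SELECT ON VIEW sales_db.public.orders_shared FROM SHARE orders_share;
```

Running SHOW GRANTS TO SHARE before adding accounts is the check that catches an accidentally granted base table, which would bypass the per-account filter in the secure view.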
Link: https://docs.snowflake.net/manuals/user-guide/data-sharing-intro.html