Veza for Snowflake

Snowflake is probably your single largest repository of sensitive data, from customer behavior, to PII, to payment info. As more and more services build on top of the data warehouse, managing access to that data only gets harder to scale. Veza definitively answers the question : Who can take what action on data in Snowflake?

Identity security challenges in Snowflake


Snowflake’s RBAC system is extensive and complex. Users can be assigned multiple roles with overlapping privileges, plus roles can be nested within other roles, making provisioning outcomes difficult to predict and least privilege impossible to maintain.


Security and governance teams are managing many more resources and identities in Snowflake than in the on-prem world, especially if you count machine identities. Traditional security and governance tools and processes are still catching up.

Siloed access data

Snowflake knows the permissions assigned to local roles and users. Your IdP knows which users and groups can assume a role. Neither can connect a federated identity to its specific permissions in Snowflake.

Team Enablement

All departments depend on the data warehouse to power their use cases. Access requests must be processed fast, and without a clear understanding of the permissions granted by Snowflake roles, it’s hard to balance enablement with least privilege.

How Veza can help

Veza is powered by its Access Graph, which gives organizations the ability to visualize access relationships between all identities and systems by connecting users, groups, roles, and permissions.

Key Benefits
  • Reduced Risk: Surface and prioritize identities with the highest privilege, risk, or policy issues across all enterprise systems, without having to master Snowflake’s complex access control model.
  • Least Privilege: Reduce risks and simplify audits by continuously identifying and remediating identity misconfigurations, dormant permissions, and over-permissioned identities.
  • Team Efficiency: Reduce manual, repetitive tasks by leveraging automation to detect and remove dormant access. Use Veza to delegate access decisions to business managers who best understand specific systems.
Key Features
  • Effective permissions: translate Snowflake RBAC permissions into simple, human-readable language—”create, read, update, delete”.
  • Automated monitoring: watch continuously for policy violations and new privileged accounts, so you can comply with internal controls and external regulations without burdening security and governance teams.
  • Activity monitoring: Identify roles and users in Snowflake with unused privileges to remove dormant identities, right-size access, and cut unused permissions.
  • Agentless read-only connections to both Snowflake and your identity providers, give a complete picture of the access granted to federated identities, revealing governance blindspots, like local users.

Major fintech brands manage risk with Veza

Financial organizations are entrusted with sensitive customer data and have strict compliance obligations. Learn how fintech brands use Veza for Snowflake to ace compliance and maintain security through Intelligent Access.

“As a fintech company, our customers rely on us to maintain a strong compliance posture to keep their data secure. Veza helped us implement governance standards within our Snowflake deployment by giving my team visibility to manage all identities and their access to data in Snowflake. Veza empowers my teams with the insights they need to manage and mitigate risks.”

Steven Hadfield | Senior Staff Product Security Engineer

View case study

We are able to get insights into least privilege, cloud entitlements, and cloud misconfigurations by understanding the scope of authorization on data for any account.
Scott “Ziggy” Brode | Director of Quality Assurance

View case study

Ready to learn more?

Schedule a demo to see how Veza brings Identity Security to Snowflake