Spendview for Snowflake is a free module of DataOps.live Observe, a core component of our data product platform.
Spendview for Snowflake ensures your sensitive data is maintained and protected from inappropriate access. We do not store your data or metadata. We only access Snowflake data share and historical data to provide calculation results that run at your Snowflake instance and back to DataOps.live observability.
Spendview for Snowflake uses a Snowflake role granted two database roles on Snowflake data share, providing visibility into policy-related and historical usage information, respectively.
The below diagram shows the workflow to have a read-only privilege to a subset of the
ACCOUNT_USAGE schema in Snowflake data share:
- A new user is used to connect to the customer's Snowflake account. By default, the new user
DATAOPS_OBSis created via our script and is used to connect to the Snowflake account. You can customize the new user name as needed.
- The new Snowflake role
DATAOPS_OBS_VIEWERis granted to this user, letting them log in to Snowflake and have access per the role privileges.
- The two database roles
USAGE_VIEWERare granted to the new user
DATAOPS_OBS, or whatever username you used.
See the Snowflake documentation ACCOUNT_USAGE VIEWS by Database Role for more details about the privileges to query the
ACCOUNT_USAGE views in the shared database.