Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow read-only feature while using snowflake as (sql) registry host. #3844

Closed
shuchu opened this issue Nov 27, 2023 · 1 comment · Fixed by #3851
Closed

allow read-only feature while using snowflake as (sql) registry host. #3844

shuchu opened this issue Nov 27, 2023 · 1 comment · Fixed by #3851
Labels
kind/feature New feature or request

Comments

@shuchu
Copy link
Collaborator

shuchu commented Nov 27, 2023

Is your feature request related to a problem? Please describe.
Based on the community user's (Zvonimir Cikojevic) feedback, we want to create a read-only feature for snowflake user who only can do READ to the registry on snowflake.

Hi guys! I hope I’m in the right channel.
I have Feast deployed on Snowflake and I’d like to limit the write access to the feature store.
The idea was to have a Snowflake role that only has Read privileges to the feature store schema (where the feast registry and our batch sources are deployed).
However, when assuming this role and running
store = feast.FeatureStore()
I get unauthorized error since the first SQL query Feast runs is CREATE TABLE IF NOT EXISTS DB.SCHEMA.DATA_SOURCES…
Does this mean that anyone who wishes to query the feature store has to have RW access?
Can you help me understand the reasoning behind this or did I miss something?
Thanks!

Yes, Feast tries to create registry Snowflake tables if they don't exist. I've created the registry when I first ran feast apply. This block of code always executed

feast/sdk/python/feast/infra/registry/snowflake.py

Line 128 in 9df2224

sql_function_file = f"{os.path.dirname(feast.__file__)}/infra/utils/snowflake/registry/snowflake_table_creation.sql"

when I run store = FeatureStore() .
In my case, this is unnecessary since I've (as a feature store admin) already created the registry.
I'd like to enable users to just have the ability to query the feature store - and not give them the privileges to write to the feature store tables (if they're not developers/admins).

Describe the solution you'd like
(TBD)

Describe alternatives you've considered
(TBD)

Additional context
(TBD)
@shuchu shuchu added the kind/feature New feature or request label Nov 27, 2023
@shuchu
Copy link
Collaborator Author

shuchu commented Dec 1, 2023
edited
Loading

Zvonimir, please be aware that this PR only changes the behavior of the initialization of the class: SnowflakeRegistry().

The default design of FEAST Registry allows all users to have modification privileges for their own "project", which means they can insert or delete records (with specified project_id) from FEAST Registry tables. If I go back to your original usage scenario, maybe we can create a dedicated (non-critical) Registry database for those "READ-only" users, and let them play free (or crash it :p)

This was referenced Dec 1, 2023
Closed
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/feature New feature or request
Projects
None yet
Milestone
No milestone
1 participant
@shuchu