Simplifying Access with Managed Roles

[spyglass-software]

Snowflake users get annoyed with roles because they're difficult to manage at scale. But the solution isn't to get rid of roles entirely, but to define and manage them programmatically.

🚀 That's why we're developing managed roles.

Managed roles allow users to define high level policies about who should be allowed to access what, and Spyglass handles the generation and maintenance of the necessary roles and grants to make it happen.

So far, we have a few use cases:

• Add programmatic role generation (1:1 for database, schema, table) #10
• Support tag-based role definitions #33
• sysadmin role should have access to all current/future databases, schemas, tables, etc.

We'll be adding to this list as we get feedback from people, but this we expect this to greatly reduce the mental overhead that data teams spend on access management.