Using a Snowflake Reader Account for Easy Data Sharing

In today’s digital world, sharing and accessing data easily is crucial for business success. Snowflake offers a feature called Reader Accounts to make this easier.

A Snowflake Reader Account lets data providers share data with others, even if they’re not Snowflake customers, without needing them to sign up for Snowflake.

This feature shows Snowflake’s dedication to making data sharing simple and safe among different groups. This blog post will explain the basics of a Snowflake Reader Account, how to set it up, manage it, and the advantages it offers.

Getting to Know Snowflake’s Reader Accounts

A Reader Account is primarily aimed at querying data shared by the provider of the account. With a Reader Account, you can work with data by, for instance, creating materialized views. However, certain tasks are restricted in a Reader Account, such as uploading new data, modifying existing data, and unloading data using a storage integration​​. Refer to the Snowflake Documentation to see a list of commands that aren’t allowed in a reader account.

What are the costs associated to Snowflake Reading Accounts?

All costs are supported by the Provider Account. While creating a Reader Account is free, the Provider covers ally query processing (via Virtual Warehouses) and storage costs.

Creating and Configuring a Snowflake Reader Account

Creating a new Reader Account is straightforward. You need to give an account name, an optional description, a username for the Reader Account, and a password. After entering these details, you can create the account or cancel if you change your mind. By default, an Account Admin can create up to 20 Reader Accounts. Snowflake Support can increase this limit.

While provider sharing is generally enabled by default, some accounts might not have this feature. If you face any issues when trying to share data, you might need to contact Snowflake Support for assistance.

When you first set up a reader account, it starts with just one user, the account administrator. This administrator has the responsibility to configure the account, including adding users, defining roles, establishing virtual warehouses, and setting up shared databases.

Key Configuration Tasks:

1. Log in: The administrator must first log into the reader account using supported platforms like SnowSQL or the web interface. Ensure to use the ACCOUNTADMIN role during this process.
2. Roles (Optional): Although each account comes with standard roles, you can also create custom roles for more specific access controls.
3. Create Users: Add users who will access the reader account. Remember to grant them appropriate roles for their tasks.
4. Resource Monitors (Optional): To manage and monitor credit consumption by virtual warehouses, you can set up resource monitors. Skipping this could lead to unlimited credit consumption.
5. Virtual Warehouses: These are essential for querying shared data. Remember, your provider account will bear the costs, so adjust settings like warehouse size and auto-suspend features appropriately.
6. Databases: A reader account doesn’t have data by default. To access shared data, create databases for each shared resource.
7. Privilege Grants: Depending on how data providers share objects, you’ll either grant privileges via database roles or directly. At a minimum, users will need the necessary privileges to query shared databases and use the virtual warehouses.
8. User Invitations: Finally, notify your users that the account is ready. Use the ALTER USER command to generate unique URLs for each user, allowing them to reset passwords and log in.

Note: Some tasks, like creating users and defining roles, can be delegated to other trusted users for more efficient account management. Refer to the Snowflake Documentation for more details.

Managing a Snowflake Reader Account

One of the distinct features of Snowflake Reader Accounts is that they are not restricted by the conventional Role-Based Access Control (RBAC) read-only privileges. While you can create new users and grant any privileges, the data shared by the provider would remain read-only​​.

Managing Reader Accounts needs the ACCOUNTADMIN role or a role with the CREATE ACCOUNT global privilege. You can manage these accounts using Snowsight or the Classic Console in Snowflake’s web interface. Tasks like creating new accounts, checking existing ones, and removing a Reader Account are done easily through these tools.

Support for Reader Accounts comes from the account provider since general users in a Reader Account don’t have a deal with Snowflake. As the provider, you can answer questions and handle requests from users in the Reader Account. If you can’t solve their questions or issues directly, you can open a Snowflake Support ticket for help.

In a Nutshell

Snowflake’s Reader Accounts are a strong tool for organizations looking to share data easily with external or internal parties. By using this feature, organizations can work together better, keep data safe, and advance their data-driven goals.