Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] Add the ability to create tables and views with a row access policy. #697

Open
3 tasks done
greenantim2 opened this issue Oct 28, 2024 · 1 comment · May be fixed by #901
Open
3 tasks done

[Feature] Add the ability to create tables and views with a row access policy. #697

greenantim2 opened this issue Oct 28, 2024 · 1 comment · May be fixed by #901
Labels
pkg:dbt-snowflake Issue affects dbt-snowflake type:enhancement New feature request

Comments

@greenantim2
Copy link

Is this your first time submitting a feature request?

  • I have read the expectations for open source contributors
  • I have searched the existing issues, and I could not find an existing issue for this feature
  • I am requesting a straightforward extension of existing dbt-snowflake functionality, rather than a Big Idea better suited to a discussion

Describe the feature

I would like to be able to specify a row access policy to apply to a table or view when it is created. For example add a config option such as row_access_policy where you would specify the policy name and the column that it applies to.

{{
config(
row_access_policy='test_db.security.tenant_row_access__policy ON (tenantid)'
)
}}

When the table or view is compiled the resulting code would look like

CREATE TABLE
test_db.published.SalesData
WITH ROW ACCESS POLICY test_db.security.tenant_row_access__policy ON (tenantid)
AS ( ...

Describe alternatives you've considered

I've considered using a post hook to apply the row access policy after the table has been created. The problem with this approach is that there is a slight delay after the table has been created and before the row access policy has been applied where all of the data is exposed to the consumer. This is not a viable option as it exposes sensitive data.

Who will this benefit?

Anyone who uses row access policies in Snowflake.

Are you interested in contributing this feature?

I would be willing to test any changes, I'm not sure that I have the ability to make the changes.

Anything else?

No response
@greenantim2 greenantim2 added type:enhancement New feature request triage:product In Product's queue labels Oct 28, 2024
@amychen1776 amychen1776 removed the triage:product In Product's queue label Nov 5, 2024
@amychen1776
Copy link
Contributor

amychen1776 commented Nov 5, 2024
edited
Loading

Hello @greenantim2 thank you for opening this feature request! We will not be able to support this in the short term but is something I'm happy to examine for the future. I'm going to leave this issue open for others to chime in on if they are also interested (please 👍 the OG post)

It might be interesting for you in the short term to take a look at how this package is handling data masking https://hub.getdbt.com/entechlog/dbt_snow_mask/latest/ for inspiration on how you could implement it in the short term

@mikealfare mikealfare added the pkg:dbt-snowflake Issue affects dbt-snowflake label Jan 15, 2025
@mikealfare mikealfare transferred this issue from dbt-labs/dbt-snowflake Jan 25, 2025
@b-per b-per linked a pull request Mar 12, 2025 that will close this issue
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
pkg:dbt-snowflake Issue affects dbt-snowflake type:enhancement New feature request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

ADAP-1254: Add row access policy and table_tag config for snowflake dbt-labs/dbt-adapters
3 participants
@mikealfare @amychen1776 @greenantim2