Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] Add the ability to create tables and views with a row access policy. #1224

Open
3 tasks done
greenantim2 opened this issue Oct 28, 2024 · 1 comment
Open
3 tasks done

[Feature] Add the ability to create tables and views with a row access policy. #1224

greenantim2 opened this issue Oct 28, 2024 · 1 comment
Labels
enhancement New feature or request

Comments

@greenantim2
Copy link

Is this your first time submitting a feature request?

  • I have read the expectations for open source contributors
  • I have searched the existing issues, and I could not find an existing issue for this feature
  • I am requesting a straightforward extension of existing dbt-snowflake functionality, rather than a Big Idea better suited to a discussion

Describe the feature

I would like to be able to specify a row access policy to apply to a table or view when it is created. For example add a config option such as row_access_policy where you would specify the policy name and the column that it applies to.

{{
config(
row_access_policy='test_db.security.tenant_row_access__policy ON (tenantid)'
)
}}

When the table or view is compiled the resulting code would look like

CREATE TABLE
test_db.published.SalesData
WITH ROW ACCESS POLICY test_db.security.tenant_row_access__policy ON (tenantid)
AS ( ...

Describe alternatives you've considered

I've considered using a post hook to apply the row access policy after the table has been created. The problem with this approach is that there is a slight delay after the table has been created and before the row access policy has been applied where all of the data is exposed to the consumer. This is not a viable option as it exposes sensitive data.

Who will this benefit?

Anyone who uses row access policies in Snowflake.

Are you interested in contributing this feature?

I would be willing to test any changes, I'm not sure that I have the ability to make the changes.

Anything else?

No response
@greenantim2 greenantim2 added enhancement New feature or request triage labels Oct 28, 2024
@amychen1776 amychen1776 removed the triage label Nov 5, 2024
@amychen1776
Copy link

amychen1776 commented Nov 5, 2024
edited
Loading

Hello @greenantim2 thank you for opening this feature request! We will not be able to support this in the short term but is something I'm happy to examine for the future. I'm going to leave this issue open for others to chime in on if they are also interested (please 👍 the OG post)

It might be interesting for you in the short term to take a look at how this package is handling data masking https://hub.getdbt.com/entechlog/dbt_snow_mask/latest/ for inspiration on how you could implement it in the short term

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@amychen1776 @greenantim2