Astrato supports security integration with Snowflake; this allows customers to use their existing authentication and authorization configuration, including roles, as they have applied them to their Snowflake platform.

Organizations using an Okta integration for Single Sign-On (SSO) with Snowflake can enable Enterprise Authentication so that each user of Astrato is individually identified in Snowflake and served only the content they are permitted to see.

Through a single Astrato dashboard or workbook, permissions and access according to your Security protocols apply to:

All these features work with the ID protocol (IdP) that you’ve set up so that a single workbook in Astrato shows a different set of data for each user.

Row-level permissions in Snowflake allow customers to restrict the rows in a table to specific users. Once Security integration is configured between Astrato and SnowFlake, no further permissions set up is required in Astrato workbooks.

All queries sent from Astrato automatically pass through permissions configured in Snowflake and are applied to the results.

In the diagram in Example 1, Jeremy can only see Europe’s sales data and Olivia can only see North America’s data based on the permissions configured in Snowflake.

Example 1 - Row-level security using SSO

In addition to row-level permissions, data masking can be applied in Snowflake based on the user's permissions.

In Example 2 Angelika and Peter have access to the same HR dashboard created in a single workbook in Astrato, but Peter isn't allowed to see personal data.

Example 2 - Data masking using SSO in Snowflake applied to a dashboard in Astrato.

You can read more about Snowflake's row-level access policies their column-level access policies and their dynamic data masking

The rest of the steps are the same for setting up Enterprise Authentication in Astrato.