Role-Based Access Auditing in Snowflake Notebooks with Streamlit

A utility notebook to audit and report on user roles and privileges, ensuring adherence to security policies.

Here's what we're implementing:

1. User Role Analysis
2. Role Grant Analysis

For each of these implementation, we're doing the following:

1. SQL query for retrieving the data
2. Converting data to a Pandas DataFrame
3. Preparing and reshaping the data
4. Creating a dashboard with Streamlit and Altair

1. User Role Analysis

First, we'll start by retrieving user details (name, disabled status, last login, creation date) and their active role assignments (granted roles, who granted them, when granted) by joining the USERS and GRANTS_TO_USERS tables.

Next, we'll convert the above SQL query output to a Pandas DataFrame.

Then, we'll prepare the data for subsequent data visualization.

Finally, we'll use Streamlit to create a simple dashboard for user analysis.

2. Role Grant Analysis

Secondly, we'll craft a SQL query to show all active privileges granted to roles, including what type of privilege was granted, what object it was granted on, the specific object name, who granted it and when it was created.

Then, we'll prepare the data for subsequent data visualization.

Finally, we'll use Streamlit to create a simple dashboard for role grant analysis.

Go ahead and adjust the select box widgets for privileges and object types.

Want to learn more?

• Snowflake Docs on Account Usage, USERS view and GRANTS_TO_USERS
• More about Snowflake Notebooks
• For more inspiration on how to use Streamlit widgets in Notebooks, check out Streamlit Docs and this list of what is currently supported inside Snowflake Notebooks
• Check out the Altair User Guide for further information on customizing Altair charts