Benchmark: Identity and Access Management
Overview
Once your Snowflake account is accessible, the next step in gaining access to Snowflake is to authenticate the user. Users must be created in Snowflake prior to any access. Once the user is authenticated, a session is created with roles used to authorize access in Snowflake.
Usage
Browse dashboards and select Identity and Access Management:
steampipe dashboard
Or run the benchmarks in your terminal:
steampipe check snowflake_compliance.benchmark.security_overview_iam
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share snowflake_compliance.benchmark.security_overview_iam
Controls
- Disable Snowflake authentication for all non-administrator users
- Enable MFA for users to provide an additional layer of security
- Set the default_role property for users
- Use managed access schemas to centralize grant management
- At least two users must be assigned ACCOUNTADMIN role
- ACCOUNTADMIN role must not be set as the default role for users
- Ensure an email address is specified for users with ACCOUNTADMIN role