Snowflake Dashboards can do a lot more than just show pretty numbers. Today, let’s focus on something that every data pro eventually has to deal with—filters that make navigating your dashboards less painful, especially when it comes to everyone’s favorite task: AUDITING.
Ah yes, auditing—because nothing says “data dream job” like tracing permissions. Whether it’s quarterly compliance checks or a sudden request from an overly curious auditor, somebody, at some point, will ask, “Who has access to what in Snowflake?” So let’s make that answer easy to deliver.
Step 1: Build a New Dashboard
Start by creating a fresh dashboard in Snowsight. Add a tile using a SQL query like this one. It gives you the breakdown of roles and what they have access to.
SELECT
grantee_name as role_name
, privilege
, granted_on as object_type
, name as object_name
, grant_option
FROM snowflake.account_usage.grants_to_roles
WHERE granted_on in ('TABLE', 'VIEW', 'SCHEMA', 'DATABASE')
AND deleted_on is null
ORDER BY role_name, object_type, object_name;This is your base query—we’ll enhance it with filters to make it interactive.
Step 2: Add Filters
You’ll notice Snowflake gives you two filters out of the box: :databucket and :datarange. But let’s go further.
Start by adding :Role_Name—we’ll use that to filter by role. Then, add a second one for :Object_Name. (Tip: keep your filter naming consistent, especially if your dashboard grows.)
Click the big blue + Filter button. You’ll see a configuration screen. Set up your new filter like this:
- Name:
:Object_Name - Warehouse: Choose a valid one (this powers the dropdown)
- Role: Choose a role with appropriate access
- Query:
SELECT DISTINCT name as object_Name
FROM SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_ROLES
WHERE granted_on IN ('TABLE', 'VIEW', 'SCHEMA', 'DATABASE')
AND deleted_on IS NULL
ORDER BY name; This query ensures your dropdown stays aligned with the base data you’re displaying—critical for consistency.
You can allow multiple selections, enable “All,” or even an “Other” option if you want users to input values manually.
Step 3: Modify the Tile Query to Use Filters
Now that filters are set up, wire them into your SQL tile:
SELECT
grantee_name as role_name
, privilege
, granted_on as object_type
, name as object_name
, grant_option
FROM snowflake.account_usage.grants_to_roles
WHERE granted_on in ('TABLE', 'VIEW', 'SCHEMA', 'DATABASE')
AND deleted_on is null
AND grantee_name = :Role_Name
AND name = :object_name
ORDER BY role_name, object_type, object_name;Just like that—you now have a dashboard that lets you quickly answer, “Who has access to what?”, filtered by role and object.
Snowflake Dashboards don’t just look good—they can actually save you time. Whether you’re prepping for an audit or trying to clean up a spaghetti mess of role grants, these filters give your dashboards real power.
And hey, if this keeps you from getting an “urgent” email from your CISO at 4:59 PM on a Friday, I’ll call that a win.
Until next time, friends
Leave a Reply
You must be logged in to post a comment.