By this point, two things should be very clear:
Your access model is not a clean hierarchy.
It behaves like a graph of inherited, interconnected permissions.
Which leads to a practical problem:
If access is a graph… how do you measure risk inside of it?
Because listing roles doesn’t work.
Auditing permissions doesn’t scale.
And “review everything quarterly” is how problems hide in plain sight.
So instead of trying to make access simple, we need to make it measurable.
The Shift: From Structure to Signal
Most organizations treat access as a structural problem:
- Define roles
- Assign permissions
- Review periodically
But structure doesn’t tell you where risk actually is.
Signals do.
Things like:
- How many roles touch a sensitive object
- How deep do inheritance chains go
- How much access hasn’t been reviewed recently
- How often do roles overlap in unexpected ways
Individually, these don’t mean much.
Together, they start to describe exposure.
What Is an Access Risk Score?
This is not a compliance score.
It’s not a certification.
A more useful definition is this:
An Access Risk Score quantifies how exposed your data platform is based on observable access patterns.
It doesn’t need to be perfect.
It needs to be directionally accurate enough to act on.
The Core Idea
Instead of asking:
“Is our access model correct?”
You start asking:
“Where is access most concentrated, least understood, or least controlled?”
That’s a very different question.
And it’s one you can actually answer with data.
Building the Score (Start Simple)
You don’t need a complex framework to begin.
You need a handful of high-signal indicators.
Role Explosion Factor (Governance Drift)
How many roles exist relative to your user base?
SELECT COUNT(*) AS total_roles
FROM SNOWFLAKE.ACCOUNT_USAGE.ROLES;More roles means more complexity – and less clarity around effective access paths.
Inheritance Depth (Hidden Complexity)
How many layers exist between users and data?
Conceptually:
User → Role → Role → Role → Object
The deeper the chain, the harder it is to understand and validate.
Stale Access Factor (Silent Risk)
How much access hasn’t been reviewed in a meaningful timeframe?
SELECT COUNT(*) AS stale_grants
FROM SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_ROLES
WHERE created_on < DATEADD(month, -3, CURRENT_DATE());Old access is rarely intentional. It’s just never removed.
Object Exposure Index (Direct Risk)
How widely is data exposed across roles?
SELECT
name AS object_name,
COUNT(DISTINCT grantee_name) AS role_count
FROM SNOWFLAKE.ACCOUNT_USAGE.GRANTS_TO_ROLES
WHERE privilege = 'SELECT'
GROUP BY name
ORDER BY role_count DESC;The more roles that can access something, the harder it becomes to control downstream usage.
Turning Signals into a Score
This doesn’t need to be perfect.
It needs to be consistent.
A simple starting model:
- Role Explosion → 20%
- Inheritance Depth → 20%
- Stale Access → 30%
- Object Exposure → 30%
Then combine:
Access Risk Score =
(Role Factor * 0.2) +
(Inheritance Factor * 0.2) +
(Stale Access * 0.3) +
(Exposure Index * 0.3)
What This Gives You
Not a perfect answer – but something far more useful:
- A way to track risk over time
- A way to compare environments (Dev vs Prod)
- A way to prioritize cleanup efforts
- A way to explain risk to non-technical stakeholders
Instead of saying:
“We think access is messy”
– The Boss
You can say:
“Our exposure score increased 18% last quarter, driven by stale access and overexposed objects.”
That changes the conversation.
What This Is Not
This is not a compliance framework.
It’s not a replacement for security controls.
And it’s not mathematically precise.
It’s a decision-making tool.
And most organizations don’t even have the beginnings of one.
Where This Leads
Once you can measure access risk, the next step becomes obvious:
You need to see it.
Not in queries.
Not in spreadsheets.
But in something that makes patterns immediately visible.
Next in the Series
Next, we turn this into something tangible:
- A real “Who Has Access to What” dashboard
- Visualizing role relationships and exposure paths
- Highlighting high-risk areas instantly
Because once you can see the system clearly…
You can actually start controlling it.
Leave a Reply
You must be logged in to post a comment.